Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Operations Manager Security Vulnerabilities

cve
cve

CVE-2009-3099

Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: a...

6.4AI Score

0.924EPSS

2022-10-03 04:23 PM
31
cve
cve

CVE-2009-3843

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make req...

9.6AI Score

0.887EPSS

2009-11-24 12:30 AM
118
In Wild
cve
cve

CVE-2009-4189

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this m...

7.5AI Score

0.887EPSS

2022-10-03 04:24 PM
47
cve
cve

CVE-2010-1033

Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.

7.8AI Score

0.326EPSS

2010-04-21 02:30 PM
23
cve
cve

CVE-2014-2648

Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

7.8AI Score

0.045EPSS

2014-10-10 01:55 AM
179
cve
cve

CVE-2014-2649

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

7.8AI Score

0.029EPSS

2014-10-10 01:55 AM
27
cve
cve

CVE-2014-3806

Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.

6.8AI Score

0.185EPSS

2014-05-21 02:55 PM
23
cve
cve

CVE-2014-5073

vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.

7.8AI Score

0.916EPSS

2014-08-29 05:00 PM
16
cve
cve

CVE-2016-0883

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation.

9.8CVSS

9.5AI Score

0.006EPSS

2016-09-18 02:59 AM
17
cve
cve

CVE-2016-0897

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.

9.8CVSS

9.4AI Score

0.002EPSS

2016-09-18 02:59 AM
17
cve
cve

CVE-2016-0930

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.

9.8CVSS

9.4AI Score

0.005EPSS

2016-09-18 02:59 AM
15
cve
cve

CVE-2016-1985

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

10CVSS

9.6AI Score

0.007EPSS

2016-01-30 03:59 PM
22
cve
cve

CVE-2016-4373

The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

9.8CVSS

9.6AI Score

0.004EPSS

2016-08-01 02:59 AM
19
cve
cve

CVE-2016-4380

Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS

5AI Score

0.002EPSS

2016-09-08 04:59 PM
13
4
cve
cve

CVE-2018-11045

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the...

5.9CVSS

5.5AI Score

0.002EPSS

2018-07-11 08:29 PM
25
cve
cve

CVE-2018-11046

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager

6.5CVSS

6.5AI Score

0.001EPSS

2018-06-25 03:29 PM
27
cve
cve

CVE-2018-11081

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operatio...

8.8CVSS

8.6AI Score

0.003EPSS

2018-10-05 09:29 PM
19
cve
cve

CVE-2018-15762

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client wi...

9CVSS

8.5AI Score

0.001EPSS

2018-11-02 10:29 PM
18
cve
cve

CVE-2019-11270

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

7.5CVSS

7.5AI Score

0.001EPSS

2019-08-05 05:15 PM
36
cve
cve

CVE-2019-11292

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

6.5CVSS

6.4AI Score

0.001EPSS

2020-01-09 12:15 AM
69
cve
cve

CVE-2019-3776

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with mali...

7.2CVSS

5.6AI Score

0.001EPSS

2019-03-07 06:29 PM
18
cve
cve

CVE-2019-3790

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supp...

6.1CVSS

5.3AI Score

0.001EPSS

2019-06-06 07:29 PM
148
cve
cve

CVE-2020-5414

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are ...

5.7CVSS

5.5AI Score

0.001EPSS

2020-07-31 08:15 PM
19