HPSBHF03439 rev.2 - HP Commercial PCs with Sure Start, Local Denial of Service

Potential Security Impact Denial of Service DoS Source: Hewlett­Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY HP has identified a potential security vulnerability with the Sure Start implementation on certain 2015 commercial platforms. This vulnerability could be...

HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code

Potential Security Impact Remote elevation of privilege, execution of code VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP Thin Clients running Windows Embedded Standard 7 WES7 and Windows Embedded Standard 2009 WES09 and all versions of HP Easy Deplo...

HPSBPI02868 SSRT101017 rev.2 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)

Potential Security Impact Remote cross site scripting XSS VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Managed Printing Administration MPA. The vulnerability could be exploited remotely resulting in cross site scripting XSS. RESOLUTION HP has made HP Manage...

HPSBPI02851 SSRT101078 rev.2 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data

Potential Security Impact Unauthorized access to data VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Pro printers. The vulnerability could be exploited remotely to gain unauthorized access to data. RESOLUTION HP has provided firmware updates...

HPSBPI02807 SSRT100928 rev.2 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access

Potential Security Impact Remote unauthorized access VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP LaserJet Pro 400 Multifunction Printers MFP. The vulnerabilities could be remotely exploited to allow unauthorized access. RESOLUTION HP has provided...

HPSBPI02640 SSRT100410 rev.2 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass

Potential Security Impact Authentication bypass VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could cause authentication to be disabled for managed devices. This could allow access to the...

AMD Client UEFI DXE Driver Memory Leaks September 2023 Security Update

AMD has informed HP of potential vulnerabilities identified in some AMD client platform firmware components, which might allow denial of service or information disclosure. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential...

Certain HP LaserJet Pro print products - Potential elevation of privilege and/or information disclosure

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. Update the printer firmware...

Intel® Optane™ PMem August 2021 Security Update

Intel has informed HP of a potential security vulnerability identified in some Intel® Optane™ Persistent Memory PMem, which may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability...

HPSBPI03693 rev. 1 - Certain HP OfficeJet Printers, Remote Denial of Service (DoS)

Potential Security Impact Denial of Service DOS Source: HP, HP Product Security Response Team PSRT Reported by: MT-SRG and VARAS VULNERABILITY SUMMARY HP has identified a potential security vulnerability with certain HP OfficeJet printers. The vulnerability could be exploited remotely to create a...

HPSBPI03646 rev.1 - Certain HP Enterprise MFP products: Elevation of Privilege

Potential Security Impact Elevation of privilege VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP multifunction printers MFP which may lead to elevation of privilege. RESOLUTION HP has provided firmware updates for potentially impacted printers for the...

HPSBPI03580 rev. 2 - Cross Site Request Forgery Vulnerability for Certain HP Enterprise and PageWide Printers

Potential Security Impact Elevation of Privilege. Reported by: Mohamed Abdelbaset Elnoby VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Enterprise and PageWide printers and MFPs. This vulnerability is known as Cross Site Request Forgery and could...

HPSBGN03577 rev 1 - Exposure of Application Configuration Details - Tommy Hilfiger TH24/7 Android app

Potential Security Impact Information exposure of application configuration. Reported By: Akshay Jain VULNERABILITY SUMMARY A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered. HP has no access to customer data as a result of...

HPSBMI02573 SSRT100227 rev.1 - Palm webOS, webOS Doc Viewer, Execution of Arbitrary Code

Potential Security Impact Execution of arbitrary code VULNERABILITY SUMMARY A potential security vulnerability has been identified with Palm webOS Doc Viewer. This vulnerability could be exploited to execute arbitrary code. RESOLUTION The vulnerability can be resolved by updating affected devices...

HPSBPI02532 SSRT100111 rev.3 - HP MFP Digital Sending Software Running on Windows, Local Unauthorized Access

Potential Security Impact Local unauthorized access VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to "Send to e-mail" and other...

HPSBPI02463 SSRT090061 rev.2 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS)

Potential Security Impact Remote Cross Site Scripting XSS VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting XSS...

HPSBPI02226 SSRT061274 rev.2 - HP Help and Support Center Running on HP Notebook Computers Running with Windows XP, Remote Unauthorized Access

Potential Security Impact Remote unauthorized access VULNERABILITY SUMMARY A potential security vulnerability has been identified in HP Help and Support Center running on HP Notebook Computers running with Windows XP. The vulnerability could be remotely exploited to allow unauthorized access to t...

HPSBPI2109 SSRT061141 rev.2 - HP Color LaserJet 2500 and 4600 Toolbox Running on Microsoft Windows Remote Unauthorized Disclosure of Information

Potential Security Impact Remote unauthorized disclosure of information VULNERABILITY SUMMARY A potential security vulnerability has been identified in the HP Color LaserJet 2500 and 4600 Toolbox, which may allow an unauthorized remote attacker to read arbitrary files. RESOLUTION HP has provided...

Intel Processor Firmware May 2026 Security Update

Intel has informed HP of a potential security vulnerability identified in some Intel® Processors, which might allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

HP Linux Imaging and Printing Software - Use of DSA Key

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm DSA. HP has identified affected versions and the minimum software version that...

AMD Client UEFI Firmware August 2024 Security Update

AMD has informed HP of potential security vulnerabilities identified in some AMD client platform firmware components, which might allow arbitrary code execution, escalation of privilege, information disclose, or denial of service. AMD is releasing firmware updates to mitigate these vulnerabilitie...

AMD Graphics Driver August 2024 Security Update

AMD has informed HP of potential security vulnerabilities identified in some AMD Graphics Drivers for Windows, which might allow denial of service or information disclosure. AMD is releasing software updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential...

Intel Thunderbolt Controller February 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt™ Controllers, which might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Certain HP Enterprise LaserJet, LaserJet Managed printers - Potential denial of service, potential Cross Site Scripting (XSS)

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Update your printer firmware...

Certain DesignJet and PageWide XL products - Potential information disclosure

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. HP has provided firmware updates to resolve the issue for the potentially affected products listed in the table below...

HPSBPI03596 rev. 2 - HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, Execution of Arbitrary Code

Potential Security Impact Execution of arbitrary code. Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY Solution application signature checking may allow potential execution of arbitrary code. RESOLUTION HP has provided firmware updates for impacted printers as indicated i...

HPSBHF03545 rev. 2 - HP EliteBook and Zbook Products with Windows NVidia Graphics Driver, Multiple Local Vulnerabilities

Potential Security Impact Multiple Vulnerabilities Source: Hewlett­Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities identified with Windows running the NVidia Graphics Driver have been addressed in certain HP EliteBook and Zbook Products...

HPSBPI03315 rev.2 - HP Capture and Route Software, Remote Information Disclosure

Potential Security Impact Remote information disclosure VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Capture and Route Software. The vulnerability could result in information disclosure. RESOLUTION Use HPCR 1.4 version 1.4 or later. HP has provided the...

Intel NPU Driver May 2026 Security Update

Intel has informed HP of potential vulnerabilities identified in the Intel® NPU Drivers which might allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential...

Intel Chipset Firmware August 2025 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Converged Security and Manageability Engine CSME, Intel® Active Management Technology AMT, and Intel® Standard Manageability, which might allow information disclosure or escalation of privilege. Intel is releasing firmware...

Intel 2024.3 IPU – BIOS Security Updates

Intel has informed HP of potential security vulnerabilities for some Intel® Processors, which might allow escalation of privilege, denial of service or information disclosure. Intel is releasing UEFI firmware updates to mitigate these potential vulnerabilities. Intel has released updates to...

Intel Xeon Processor August 2024 Security Update

Intel has informed HP of ⁠potential security vulnerabilities in some Intel® Xeon® Processors, which might allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential...

UC Software – Improper Access Control

A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. The recommendation is to update an impacted device to the latest firmware...

Intel® Integrated Sensor Solution February 2023 Security Update

Intel has informed HP of a potential security vulnerability in the Intel® Integrated Sensor Solution that might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Realtek HD Audio Driver December 2022 Security Update

HP has been informed of a potential security vulnerability identified in some Realtek® High-Definition Audio Windows drivers which might allow denial of service system crash. Realtek has released updated drivers to mitigate the potential vulnerability. Realtek released updates to mitigate the...

Certain HP PageWide Pro printers - Potential denial of service

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. HP has provided firmware updates for potentially affected products listed in the table below...

HPSBHF03598 rev. 6 - EDK II Untested Memory Not Covered by SMM Page Protections

Potential Security Impact Escalation of Privilege, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: TianoCore Bugzilla VULNERABILITY SUMMARY Incorrect handling of memory types in TianoCore firmware potentially allows an attacker with local access to bypass...

HPSBGN03561 rev.2 - HP Support Assistant Potential Escalation of Privilege

Potential Security Impact Escalation of privilege and unauthorized modification of directories or files. Source: HP, HP Product Security Response Team PSRT Reported by: Danny Wei of Tencent's Xuanwu Lab VULNERABILITY SUMMARY The vulnerability allows attacker to extract binaries into protected fil...

HPSBPI03546 rev.3 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information

Potential Security Impact Remote disclosure of information Source: HP Development Company, HP Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, and certain HP OfficeJet Enterprise printers and...

HPSBPI02711 SSRT100647 rev.2 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure

Potential Security Impact Local information disclosure VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could result in disclosure of personal information contained in workflow metadata to...

HPSBPI02228 SSRT071404 rev.2 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access

Potential Security Impact Remote unauthorized access VULNERABILITY SUMMARY A potential security vulnerability has been identified with an ActiveX control in HP Instant Support - Driver Check running on Microsoft Windows. The vulnerability could be remotely exploited to allow unauthorized access t...

Intel PTT and SPS Firmware June 2025 Security Update

Intel has informed HP of a potential security vulnerability for some Intel® PTT and Intel® SPS firmware, which might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. Certain H...

Intel 2024.3 IPU – Chipset Firmware Security Update

Intel has informed HP of potential security vulnerabilities in Intel® Converged Security and Manageability Engine CSME, Intel® Active Management Technology AMT, Intel® Standard Manageability, Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software, which might allow escalation of privilege, deni...

HP Security Manager - Potential Remote Code Execution

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. HP has provided a software update for potentially affected products...

Clariti Manager - Arbitrary File Upload

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize user input. The recommendation is to update an impacted device to firmware build 10.12.0.2100 or later. Customers can receive the latest builds throu...

Certain HP LaserJet Pro – Potential Cross-Site Scripting (XSS)

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting XSS attack via the web management interface of the device. Update your printer firmware...

Intel Extreme Tuning Utility (XTU) November 2023 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Extreme Tuning Utility XTU software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential...

HP ThinUpdate - Improper Certificate Validation

A potential security vulnerability has been identified in the HP ThinUpdate utility also known as HP Recovery Image and Software Download Tool which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. HP ThinUpdate version 2.7.15 has been updated to...

HPSBHF03600 rev. 2 - Insecure Handling of BIOS and AMT Passwords

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability has been identified with the Intel platform code firmware included in certain Intel vPro Processor families with AMT...

HPSBPI02507 SSRT100012 rev.3 - HP DreamScreen, Remote Disclosure of Information

Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential security vulnerability has been identified with web-connected HP DreamScreen. This vulnerability could be exploited remotely to allow disclosure of information. RESOLUTION HP has provided the following...