HP Security Vulnerabilities
HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified...
5.9AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword...
7.5AI Score
0.001EPSS
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path...
7AI Score
0.005EPSS
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown...
7.1AI Score
0.002EPSS
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount)...
6.9AI Score
0.005EPSS
Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size...
7.5AI Score
0.206EPSS
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different...
7.7AI Score
0.965EPSS
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI...
6AI Score
EPSS
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by...
7.7AI Score
EPSS
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by...
7.6AI Score
EPSS
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system...
6.4AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.004EPSS
9.8CVSS
9.3AI Score
0.002EPSS
An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise.....
7.8CVSS
7.7AI Score
0.0004EPSS
A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard...
8.8CVSS
8.9AI Score
0.001EPSS
A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE...
8.8CVSS
8.7AI Score
0.001EPSS
A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware...
7.8CVSS
7.8AI Score
0.0004EPSS
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
5.4CVSS
5.1AI Score
0.001EPSS
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in...
5.5CVSS
5.5AI Score
0.0004EPSS
A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows...
5.9CVSS
5.4AI Score
0.002EPSS
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and...
5.5CVSS
5AI Score
0.0004EPSS
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
5.4CVSS
5.2AI Score
0.001EPSS
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID:...
6.5CVSS
6AI Score
0.001EPSS
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the....
9.8CVSS
9.3AI Score
0.001EPSS
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...
5.3CVSS
4.9AI Score
0.001EPSS
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
6.1CVSS
5.8AI Score
0.001EPSS
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO....
9.8CVSS
9.9AI Score
0.001EPSS
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID:...
5.5CVSS
5AI Score
0.0004EPSS
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID:...
9.8CVSS
8.8AI Score
0.001EPSS
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the...
9.8CVSS
9.2AI Score
0.001EPSS
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE...
9.8CVSS
9.3AI Score
0.002EPSS
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE...
6.1CVSS
5.9AI Score
0.001EPSS
A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and...
7.5CVSS
7.5AI Score
0.006EPSS
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE...
7.5CVSS
7.3AI Score
0.002EPSS
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE...
6.1CVSS
5.9AI Score
0.001EPSS
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code...
9.8CVSS
9.7AI Score
0.008EPSS
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code...
9.8CVSS
9.7AI Score
0.008EPSS
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code...
7.5CVSS
8.4AI Score
0.006EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.5AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
8.4AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information...
8.2CVSS
9.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of...
5.5CVSS
5.8AI Score
0.0004EPSS