HPE Security Vulnerabilities


CVE-2022-28624

A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10....

4.8CVSS

4.9AI Score

0.001EPSS

2022-07-08 01:15 PM
28
4

CVE-2022-28626

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availa...

6.7CVSS

6.8AI Score

0.0004EPSS

2022-08-12 03:15 PM
32
4

CVE-2022-28627

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availabili...

8.4CVSS

8.4AI Score

0.001EPSS

2022-08-12 03:15 PM
25
4

CVE-2022-28628

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availabili...

8.4CVSS

8.4AI Score

0.001EPSS

2022-08-12 03:15 PM
21
4

CVE-2022-28629

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availabil...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-08-12 03:15 PM
31
4

CVE-2022-28630

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a parti...

7.3CVSS

7.3AI Score

0.001EPSS

2022-08-12 03:15 PM
30
4

CVE-2022-28631

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute ...

8.8CVSS

8.8AI Score

0.001EPSS

2022-08-12 03:15 PM
32
4

CVE-2022-28632

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute ...

8.8CVSS

8.8AI Score

0.001EPSS

2022-08-12 03:15 PM
42
4

CVE-2022-28633

A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file ...

7.3CVSS

6.6AI Score

0.001EPSS

2022-08-12 03:15 PM
36
4

CVE-2022-28634

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availa...

6.7CVSS

6.8AI Score

0.0004EPSS

2022-08-12 03:15 PM
35

CVE-2022-28635

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arb...

7.4CVSS

7.7AI Score

0.001EPSS

2022-08-12 03:15 PM
33
4

CVE-2022-28636

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arb...

7.4CVSS

7.7AI Score

0.001EPSS

2022-08-12 03:15 PM
37
4

CVE-2022-28637

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware fo...

7.8CVSS

7.8AI Score

0.0004EPSS

2022-09-20 09:15 PM
24
2

CVE-2022-28638

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise h...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-09-20 09:15 PM
164

CVE-2022-28639

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise...

8.8CVSS

8.9AI Score

0.001EPSS

2022-09-20 09:15 PM
169

CVE-2022-28640

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated...

8.8CVSS

8.7AI Score

0.001EPSS

2022-09-20 09:15 PM
23
2

CVE-2022-37927

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).

6.1CVSS

6.2AI Score

0.001EPSS

2022-12-12 01:15 PM
28

CVE-2022-37928

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

8CVSS

6.5AI Score

0.001EPSS

2022-12-12 01:15 PM
27

CVE-2022-37929

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

6.7CVSS

5.6AI Score

0.0004EPSS

2022-12-12 01:15 PM
38

CVE-2022-37930

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

6.7CVSS

5.5AI Score

0.0004EPSS

2022-12-12 01:15 PM
30

CVE-2022-37932

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlet...

9.8CVSS

9.4AI Score

0.002EPSS

2022-12-12 01:15 PM
29

CVE-2022-37933

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60....

7.8CVSS

7.5AI Score

0.0004EPSS

2023-01-05 07:15 AM
19

CVE-2022-37934

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series versio...

7.5CVSS

7.5AI Score

0.002EPSS

2023-01-05 07:15 AM
32

CVE-2022-37936

Unauthenticated Java deserialization vulnerability in Serviceguard Manager

9.8CVSS

9.4AI Score

0.002EPSS

2023-03-01 08:15 AM
28

CVE-2022-37937

Pre-auth memory corruption in HPE Serviceguard

9.8CVSS

9.5AI Score

0.002EPSS

2023-03-01 08:15 AM
18

CVE-2022-37938

Unauthenticated server side request forgery in HPE Serviceguard Manager

9.8CVSS

9.4AI Score

0.002EPSS

2023-03-01 08:15 AM
24

CVE-2022-37939

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Su...

5.5CVSS

5.4AI Score

0.0004EPSS

2023-03-10 09:15 PM
19

CVE-2022-37940

Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Seri...

6.1CVSS

6.6AI Score

0.001EPSS

2023-03-22 06:15 AM
19

CVE-2023-1168

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch runni...

8.8CVSS

8.7AI Score

0.002EPSS

2023-03-22 06:15 AM
29

CVE-2023-28084

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

5.5CVSS

5.7AI Score

0.0004EPSS

2023-04-25 08:15 PM
18

CVE-2023-28085

An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials

5.5CVSS

5.6AI Score

0.0004EPSS

2023-04-14 03:15 PM
183
2

CVE-2023-30904

A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.

5.5CVSS

5.4AI Score

0.0004EPSS

2023-06-16 09:15 PM
22

CVE-2023-30905

The MC990 X and UV300 RMC component has an inadequate default configuration that could be exploited to obtain enhanced privilege.

7.8CVSS

7.5AI Score

0.0004EPSS

2023-06-16 09:15 PM
21

CVE-2023-30906

The vulnerability could be locally exploited to allow escalation of privilege.

7.8CVSS

7.7AI Score

0.0004EPSS

2023-07-18 02:15 PM
20

CVE-2023-30910

HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.

5.4CVSS

5.5AI Score

0.0004EPSS

2023-10-09 04:15 PM
18

CVE-2023-30911

HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-18 06:15 PM
16

CVE-2023-30912

A remote code execution issue exists in HPE OneView.

9.8CVSS

9.7AI Score

0.004EPSS

2023-10-25 06:17 PM
23

CVE-2023-3718

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to...

8.8CVSS

8.7AI Score

0.001EPSS

2023-08-01 07:15 PM
29

CVE-2023-39266

A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to exe...

8.3CVSS

6AI Score

0.001EPSS

2023-08-29 08:15 PM
41

CVE-2023-39267

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

6.6CVSS

6.9AI Score

0.001EPSS

2023-08-29 08:15 PM
26

CVE-2023-39268

A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

9.8CVSS

9.7AI Score

0.002EPSS

2023-08-29 08:15 PM
34

CVE-2023-50272

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.

9.8CVSS

9.4AI Score

0.001EPSS

2023-12-19 04:15 PM
24
Total number of security vulnerabilities: 142