Lucene search
K
HpNetwork Automation

17 matches found

CVE
CVE
added 2018/02/15 10:0 p.m.68 views

CVE-2017-5812

CVE-2017-5812 affects Hewlett Packard Enterprise HP Network Automation (HP Network Automation). The connected sources describe an authentication bypass in the PermissionFilter class, enabling a remote attacker to bypass authentication and reach a vulnerable servlet. Affected product versions incl...

7.5CVSS7.4AI score0.05369EPSS
CVE
CVE
added 2018/02/15 10:0 p.m.65 views

CVE-2017-5810

CVE-2017-5810 is a remote SQL injection in HP Network Automation, affecting 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The issue arises in the RedirectServlet due to insufficient sanitization of certain HTTP request parameters, enabling an unauthenticated or remote attacker to inject SQL and potentially...

9.8CVSS9.6AI score0.04783EPSS
CVE
CVE
added 2011/08/01 7:0 p.m.64 views

CVE-2011-2402

CVE-2011-2402 affects HP Network Automation versions 7.2x, 7.5x, 7.6x, 9.0 and 9.10 with a cross-site scripting (XSS) flaw reported. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Seebug notes that exploitation could enable attackers to o...

4.3CVSS5.8AI score0.03082EPSS
CVE
CVE
added 2011/04/27 12:0 a.m.61 views

CVE-2011-1725

HP Network Automation (versions 7.2x, 7.5x, 7.6x, 9.0, 9.10) is affected by a remote information disclosure vulnerability (CVE-2011-1725). The security bulletin cites a vulnerability that could be exploited remotely to obtain sensitive information via unspecified vectors and provides a hotfix/upd...

5CVSS6.3AI score0.02436EPSS
CVE
CVE
added 2016/09/29 2:0 p.m.58 views

CVE-2016-4386

HPE Network Automation Software 10.10 is affected by CVE-2016-4386, described in connected CNVD/NVD entries as a local security bypass that lets a local user write to arbitrary files. The exact vulnerable component, vectors, and root cause are not detailed beyond confirming a local-privelege-elev...

7.8CVSS7.4AI score0.00496EPSS
CVE
CVE
added 2018/02/15 10:0 p.m.58 views

CVE-2016-8511

CVE-2016-8511 is a remote code execution in HP Network Automation via RPCServlet Java deserialization. The flaw allows sending crafted serialized data to RPCServlet to execute arbitrary code. Affected versions include HP Network Automation 9.1x, 9.2x, and 10.00.x before 10.00.021; 10.10.x before ...

9.8CVSS9.7AI score0.15618EPSS
CVE
CVE
added 2011/08/01 7:0 p.m.53 views

CVE-2011-2403

CVE-2011-2403 is an SQL injection vulnerability reported for HP Network Automation versions 7.2x, 7.5x, 7.6x, 9.0, and 9.10. The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This entry is supported by public references in the NVD entry (CVSSv2...

6.5CVSS8.2AI score0.01969EPSS
CVE
CVE
added 2018/05/22 7:0 p.m.53 views

CVE-2018-6493

CVE-2018-6493 is an SQL injection vulnerability affecting HP Network Operations Management Ultimate (versions 2017.07, 2017.11, 2018.02) and HP Network Automation (versions 10.00–10.50). The issue is described as remote, with potential to manipulate the database and access or escalate, per NVD/CN...

8.8CVSS9.1AI score0.0201EPSS
CVE
CVE
added 2018/05/22 7:0 p.m.51 views

CVE-2018-6492

CVE-2018-6492 : HP Network Operations Management Ultimate is vulnerable to persistent cross-site scripting and non-persistent HTML injection in versions 2017.07, 2017.11, 2018.02; HP Network Automation is affected in versions 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. The issue is a remote ...

6.1CVSS5.7AI score0.01553EPSS
CVE
CVE
added 2016/09/29 2:0 p.m.49 views

CVE-2016-4385

CVE-2016-4385 affects HP Network Automation: RMI registry deserialization in 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 enables remote code execution via a crafted serialized Java object, leveraging Apache Commons Collections and Commons BeanUtils libraries. The vulnerabil...

7.5CVSS7.5AI score0.04362EPSS
CVE
CVE
added 2018/02/15 10:0 p.m.48 views

CVE-2017-5814

CVE-2017-5814 is a remote SQL injection authentication bypass affecting HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The vulnerability stems from a SQL injection flaw used to bypass authentication, enabling an attacker to potentially access the application and back-end data...

10CVSS9.8AI score0.08814EPSS
CVE
CVE
added 2012/02/02 12:0 a.m.46 views

CVE-2011-4790

HP Network Automation (versions 7.5x, 7.6x, 9.0, and 9.10) contains an unspecified vulnerability that allows remote code execution via unknown vectors. The HP security bulletin (HPSBMU02738) confirms impacted versions and provides a remediation path: upgrade to HP Network Automation 9.10.02 or la...

9.3CVSS7.8AI score0.09161EPSS
CVE
CVE
added 2016/03/15 12:0 a.m.46 views

CVE-2016-1988

HP Network Automation is affected: versions 9.22.0x and 10.00.x prior to 10.00.02 have multiple remote code execution vulnerabilities from unspecified flaws. A remote attacker can execute arbitrary code or disclose sensitive information. Impact is described as remote code execution and informatio...

10CVSS9.7AI score0.10551EPSS
CVE
CVE
added 2018/02/15 10:0 p.m.46 views

CVE-2017-5811

CVE-2017-5811 affects HP (HPE) Network Automation 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The vulnerability is a FileServlet directory traversal information disclosure caused by lack of validation of a user-supplied path, allowing remote attackers to read arbitrary files. The linked sources in the co...

7.8CVSS8AI score0.17332EPSS
CVE
CVE
added 2018/02/15 10:0 p.m.45 views

CVE-2017-5813

CVE-2017-5813 affects HPE Network Automation, versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The connected documents consistently describe a remote unauthenticated access vulnerability, i.e., a flaw that could allow an attacker to gain access without authentication. The NVD entry lists public metri...

6.8CVSS7AI score0.01898EPSS
CVE
CVE
added 2016/03/15 12:0 a.m.43 views

CVE-2016-1989

HP Network Automation is affected for version 9.22.0x and 10.00.0x before 10.00.02, with multiple remote code execution vulnerabilities due to unspecified flaws. A remote attacker can execute arbitrary code or obtain sensitive information via unspecified vectors. The Nessus plugin corroborates th...

10CVSS9.7AI score0.10551EPSS
CVE
CVE
added 2014/10/10 1:0 a.m.41 views

CVE-2014-2646

Technical details about CVE-2014-2646 are not publicly available in the provided documents. Monitor for updates.

7.2CVSS6.4AI score0.00618EPSS