17 matches found
CVE-2017-5812
CVE-2017-5812 affects Hewlett Packard Enterprise HP Network Automation (HP Network Automation). The connected sources describe an authentication bypass in the PermissionFilter class, enabling a remote attacker to bypass authentication and reach a vulnerable servlet. Affected product versions incl...
CVE-2017-5810
CVE-2017-5810 is a remote SQL injection in HP Network Automation, affecting 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The issue arises in the RedirectServlet due to insufficient sanitization of certain HTTP request parameters, enabling an unauthenticated or remote attacker to inject SQL and potentially...
CVE-2011-2402
CVE-2011-2402 affects HP Network Automation versions 7.2x, 7.5x, 7.6x, 9.0 and 9.10 with a cross-site scripting (XSS) flaw reported. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Seebug notes that exploitation could enable attackers to o...
CVE-2011-1725
HP Network Automation (versions 7.2x, 7.5x, 7.6x, 9.0, 9.10) is affected by a remote information disclosure vulnerability (CVE-2011-1725). The security bulletin cites a vulnerability that could be exploited remotely to obtain sensitive information via unspecified vectors and provides a hotfix/upd...
CVE-2016-4386
HPE Network Automation Software 10.10 is affected by CVE-2016-4386, described in connected CNVD/NVD entries as a local security bypass that lets a local user write to arbitrary files. The exact vulnerable component, vectors, and root cause are not detailed beyond confirming a local-privelege-elev...
CVE-2016-8511
CVE-2016-8511 is a remote code execution in HP Network Automation via RPCServlet Java deserialization. The flaw allows sending crafted serialized data to RPCServlet to execute arbitrary code. Affected versions include HP Network Automation 9.1x, 9.2x, and 10.00.x before 10.00.021; 10.10.x before ...
CVE-2011-2403
CVE-2011-2403 is an SQL injection vulnerability reported for HP Network Automation versions 7.2x, 7.5x, 7.6x, 9.0, and 9.10. The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This entry is supported by public references in the NVD entry (CVSSv2...
CVE-2018-6493
CVE-2018-6493 is an SQL injection vulnerability affecting HP Network Operations Management Ultimate (versions 2017.07, 2017.11, 2018.02) and HP Network Automation (versions 10.00–10.50). The issue is described as remote, with potential to manipulate the database and access or escalate, per NVD/CN...
CVE-2018-6492
CVE-2018-6492 : HP Network Operations Management Ultimate is vulnerable to persistent cross-site scripting and non-persistent HTML injection in versions 2017.07, 2017.11, 2018.02; HP Network Automation is affected in versions 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. The issue is a remote ...
CVE-2016-4385
CVE-2016-4385 affects HP Network Automation: RMI registry deserialization in 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 enables remote code execution via a crafted serialized Java object, leveraging Apache Commons Collections and Commons BeanUtils libraries. The vulnerabil...
CVE-2017-5814
CVE-2017-5814 is a remote SQL injection authentication bypass affecting HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The vulnerability stems from a SQL injection flaw used to bypass authentication, enabling an attacker to potentially access the application and back-end data...
CVE-2011-4790
HP Network Automation (versions 7.5x, 7.6x, 9.0, and 9.10) contains an unspecified vulnerability that allows remote code execution via unknown vectors. The HP security bulletin (HPSBMU02738) confirms impacted versions and provides a remediation path: upgrade to HP Network Automation 9.10.02 or la...
CVE-2016-1988
HP Network Automation is affected: versions 9.22.0x and 10.00.x prior to 10.00.02 have multiple remote code execution vulnerabilities from unspecified flaws. A remote attacker can execute arbitrary code or disclose sensitive information. Impact is described as remote code execution and informatio...
CVE-2017-5811
CVE-2017-5811 affects HP (HPE) Network Automation 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The vulnerability is a FileServlet directory traversal information disclosure caused by lack of validation of a user-supplied path, allowing remote attackers to read arbitrary files. The linked sources in the co...
CVE-2017-5813
CVE-2017-5813 affects HPE Network Automation, versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The connected documents consistently describe a remote unauthenticated access vulnerability, i.e., a flaw that could allow an attacker to gain access without authentication. The NVD entry lists public metri...
CVE-2016-1989
HP Network Automation is affected for version 9.22.0x and 10.00.0x before 10.00.02, with multiple remote code execution vulnerabilities due to unspecified flaws. A remote attacker can execute arbitrary code or obtain sensitive information via unspecified vectors. The Nessus plugin corroborates th...
CVE-2014-2646
Technical details about CVE-2014-2646 are not publicly available in the provided documents. Monitor for updates.