11 matches found
CVE-2017-8994
CVE-2017-8994 affects HP Operations Orchestration versions before 10.80. The vulnerability enables remote code execution via deserialization of untrusted data, supported by multiple advisories (insecure/deserialization in central-remoting and backwards-compatibility servlets; WS execution bridge ...
CVE-2018-6490
CVE-2018-6490 affects Micro Focus Operations Orchestration Software, specifically the 10.x line, with a remote Denial of Service vulnerability. The NVD entry documents a network-accessible DoS risk (CVSS v3 base 7.5, HIGH) and a second CVSS v2 assessment (base 7.8, HIGH); the disclosure notes rem...
CVE-2015-2109
CVE-2015-2109 affects HP Operations Orchestration 10.x where an authentication bypass vulnerability exists due to an unspecified flaw. Public documents show affected versions are HP O.O. 10.x prior to 10.21 (per Tenable NASL reference) and HP security bulletin HPSBMU03292 rev.1 (SSRT101981) confi...
CVE-2015-2108
HP Operations Orchestration (HP O.O.) versions 9.x and 10.x are affected by CVE-2015-2108, an information-disclosure vulnerability exploitable via PowerShell operations. The issue allows remote authenticated users to obtain sensitive information; exact vectors are not publicly detailed in the pro...
CVE-2013-6191
HP Operations Orchestration (OO) before version 9 is vulnerable to Cross-Site Scripting (XSS) via unspecified vectors, enabling potential manipulation of web content. The issue is documented as CVE-2013-6191 and is addressed by HP with patch v9.07.0004. The cited bulletin notes XSS/CSRF risks for...
CVE-2013-6192
HP Operations Orchestration is affected by CVE-2013-6192 through CSRF in versions earlier than 9, which could allow remote attackers to hijack user sessions via unknown vectors. The vulnerability is documented with a base CVSS-like impact as partial impact to confidentiality, integrity, and avail...
CVE-2016-8519
CVE-2016-8519 describes a remote code execution vulnerability in Hewlett Packard Enterprise Operations Orchestration (HPE OOE) Community and Enterprise editions, prior to version 10.70. The flaw resides in the wsExecutionBridgeService servlet, where improper validation of user-supplied data and i...
CVE-2012-3258
CVE-2012-3258 affects HP Operations Orchestration version 9.0 prior to 9.03, enabling remote execution of arbitrary code via unknown vectors. The HP Security Bulletin SSRT100712 (HPSBMU02813) confirms remote code execution potential and lists patch 9.03 as the fix, with later patches (e.g., 9.05)...
CVE-2015-5451
HP Operations Orchestration Central 10.x before 10.22.001 is affected by an unspecified CSRF (XSRF) vulnerability that can allow an attacker to hijack the authentication of unspecified victims via unknown vectors. The affected product is HP OO 10.x; remediation approaches in the connected documen...
CVE-2016-1997
CVE-2016-1997 affects HPE Operations Orchestration 10.x before 10.51 and related content before 1.7.0, due to unsafe deserialization of crafted Java objects via the Apache Commons Collections library. This leads to remote code execution by an unauthenticated attacker. Affected component is the Or...
CVE-2010-3985
HP Operations Orchestration (pre-9.0) contains an XSS vulnerability when used with Internet Explorer 6. The issue allows remote attackers to inject arbitrary script or HTML via unspecified vectors. Base CVSSv2 score ~4.3 (Medium) with network access, no authentication, and partial integrity impac...