Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2608

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Jul, 2011 | 10:00
Updated At-06 Aug, 2024 | 23:08
Rejected At-
Credits

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Jul, 2011 | 10:00
Updated At:06 Aug, 2024 | 23:08
Rejected At:
▼CVE Numbering Authority (CNA)

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1025715
vdb-entry
x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/68269
vdb-entry
x_refsource_XF
http://marc.info/?l=bugtraq&m=131188898632504&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=131188898632504&w=2
vendor-advisory
x_refsource_HP
http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
x_refsource_MISC
http://www.securityfocus.com/bid/48481
vdb-entry
x_refsource_BID
http://secunia.com/advisories/45079
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1025715
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68269
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/48481
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/45079
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1025715
vdb-entry
x_refsource_SECTRACK
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/68269
vdb-entry
x_refsource_XF
x_transferred
http://marc.info/?l=bugtraq&m=131188898632504&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=131188898632504&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/48481
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/45079
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1025715
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68269
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/48481
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/45079
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Jul, 2011 | 10:55
Updated At:11 Apr, 2025 | 00:51

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.4MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.4
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P
CPE Matches
HP Inc.
hp
>>openview_performance_agent>>4.70
cpe:2.3:a:hp:openview_performance_agent:4.70:*:*:*:*:*:*:*
HP Inc.
hp
>>openview_performance_agent>>5.0
cpe:2.3:a:hp:openview_performance_agent:5.0:*:*:*:*:*:*:*
HP Inc.
hp
>>operations_agent>>8.53
cpe:2.3:a:hp:operations_agent:8.53:*:*:*:*:*:*:*
HP Inc.
hp
>>operations_agent>>8.60.005
cpe:2.3:a:hp:operations_agent:8.60.005:*:*:*:*:*:*:*
HP Inc.
hp
>>operations_agent>>8.60.006
cpe:2.3:a:hp:operations_agent:8.60.006:*:*:*:*:*:*:*
HP Inc.
hp
>>operations_agent>>8.60.007
cpe:2.3:a:hp:operations_agent:8.60.007:*:*:*:*:*:*:*
HP Inc.
hp
>>operations_agent>>8.60.008
cpe:2.3:a:hp:operations_agent:8.60.008:*:*:*:*:*:*:*
HP Inc.
hp
>>operations_agent>>8.60.501
cpe:2.3:a:hp:operations_agent:8.60.501:*:*:*:*:*:*:*
HP Inc.
hp
>>operations_agent>>11.0
cpe:2.3:a:hp:operations_agent:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://aluigi.altervista.org/adv/ovbbccb_1-adv.txtcve@mitre.org
Exploit
http://marc.info/?l=bugtraq&m=131188898632504&w=2cve@mitre.org
Vendor Advisory
http://marc.info/?l=bugtraq&m=131188898632504&w=2cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/45079cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1025715cve@mitre.org
N/A
http://www.securityfocus.com/bid/48481cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/68269cve@mitre.org
N/A
http://aluigi.altervista.org/adv/ovbbccb_1-adv.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://marc.info/?l=bugtraq&m=131188898632504&w=2af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://marc.info/?l=bugtraq&m=131188898632504&w=2af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/45079af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1025715af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/48481af854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/68269af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45079
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1025715
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/48481
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68269
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=131188898632504&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/45079
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1025715
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/48481
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68269
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

226Records found
CVE-2005-4654
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.83% / 73.64%
||
7 Day CHG~0.00%
Published-16 Jan, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to.

Action-Not Available
Vendor-n/aHP Inc.
Product-oracle_for_openviewn/a
CVE-2018-7092
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-20.92% / 95.41%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center Platform (IMC Plat)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-4360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-6.06% / 90.38%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

Action-Not Available
Vendor-n/aHP Inc.
Product-performance_centerloadrunnern/a
CVE-2004-0952
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-1.65% / 81.27%
||
7 Day CHG~0.00%
Published-19 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2015-5434
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.04%
||
7 Day CHG~0.00%
Published-05 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

Action-Not Available
Vendor-n/aHP Inc.
Product-jg786a_hp_flexfabric_12500_4-port_100gbe_cfp_fdjg835a_hp_flexfabric_12508e_dc_switch_taa-compliant_chassisjg789a_hp_flexfabric_12500_4-port_100gbe_cfp_fg_taajg779a_hp_hsr6800_rse-x2_router_taa-compliant_main_processing_unitjg354a_hp_hsr6602-xg_routerjg785a_hp_ff_12518e_dc_switch_chassisjc124a_hp_a9508_switch_chassisjg836a_hp_flexfabric_12518e_ac_switch_taa-compliant_chassisjg362b_hp_hsr6804_router_chassisjg555a_hp_5920af-24xg_taa_switchjg823a_hp_10512_taa_switch_chassisjh188a_hp_flexfabric_5930_4-slot_taa-compliant_switchjf431b_hp_12508_switch_chassisjh196a_hp_10500_2-port_100gbe_cfp_ecjg412a_hp_msr4000_mpu-100_main_processing_unitjg834a_hp_flexfabric_12508e_ac_switch_taa-compliant_chassisjg410a_hp_msr3012_dc_routerjg821a_hp_10508_taa_switch_chassisjg788a_hp_flexfabric_12500_4-port_100gbe_cfp_fgjg866a_hp_msr2003_taa-compliant_ac_routerjg362a_hp_hsr6804_router_chassisjg735a\)_hp_msr2004-48_routerjg407a_hp_msr3024_dc_routerjg777a_hp_hsr6602-xg_taa-compliant_routerjh060a_hp_msr1003-8s_ac_routerjg361b_hp_hsr6802_router_chassisjg405a_hp_msr3044_routerjc655a_hp_12504_dc_switch_chassisjc653a_hp_12518_dc_switch_chassisjg408a_hp_msr3024_poe_routerjc613a_hp_10504_switch_chassisjg803a_hp_flexfabric_12500e_taa-compliant_main_processing_unitjc086a_hp_a12508_switch_chassisjg869a_hp_msr4000_taa-compliant_mpu-100_main_processing_unitjg406a_hp_msr3024_ac_routerjg404a_hp_msr3064_routerjh075a\)_hp_hsr6800_rse-x3_router_main_processing_unitjg875a_hp_msr1002-4_ac_routerjg496a_hp_10500_type_a_mpu_with_comwarejc125b_hp_9512_switch_chassisjc612a_hp_10508_switch_chassisjc125a_hp_a9512_switch_chassisjc072b_hp_12500_main_processing_unitjg364a_hp_hsr6800_rse-x2_router_main_processing_unitjg861a_hp_msr3024_taa-compliant_ac_routerjh198a_hp_10500_type_d_main_processing_unit_with_comwarejg734a_hp_msr2004-24_ac_routerjf431c_hp_12508_ac_switch_chassisjg353a_hp_hsr6602-g_routerjg784a_hp_ff_12518e_ac_switch_chassisjg812aae_hp_vsr1004_comware_7_virtual_services_routerjf430b_hp_12518_switch_chassisjg776a_hp_hsr6602-g_taa-compliant_routerjc124b_hp_9505_switch_chassisjg813aae_hp_vsr1008_comware_7_virtual_services_routerjc748a_hp_10512_switch_chassisjg361a_hp_hsr6802_router_chassisjg409a_hp_msr3012_ac_routerjg363b_hp_hsr6808_router_chassisjf430a_hp_a12518_switch_chassisjg820a_hp_10504_taa_switch_chassisjg787a_hp_flexfabric_12500_4-port_100gbe_cfp_fd_taajf431a_hp_a12508_switch_chassisjg363a_hp_hsr6808_router_chassisjg783a_hp_ff_12508e_dc_switch_chassisjc611a_hp_10508-v_switch_chassisjg296a_hp_5920af-24xg_switchjg811aae_hp_vsr1001_comware_7_virtual_services_routerjf430c_hp_12518_ac_switch_chassisjh179a_hp_flexfabric_5930_4-slot_switchjg411a_hp_msr2003_ac_routerjg798a_hp_flexfabric_12508e_fabricjc474b_hp_9508-v_switch_chassisjg782a_hp_ff_12508e_ac_switch_chassisjg837a_hp_flexfabric_12518e_dc_switch_taa-compliant_chassisjg402a_hp_msr4080_router_chassisjg822a_hp_10508-v_taa_switch_chassisjc652a_hp_12508_dc_switch_chassisjc808a_hp_12500_taa_main_processing_unitjg802a_hp_ff_12500e_mpujh192a_hp_10500_48-port_gig-t_\(rj45\)_sejc654a_hp_12504_ac_switch_chassisjg810aae_hp_vsr1001_virtual_services_router_60_day_evaluationjg403a_hp_msr4060_router_chassisjc474a_hp_a9508-v_switch_chassisjc085a_hp_a12518_switch_chassisjg497a_hp_12500_mpu_w\/comwaren/a
CVE-2014-5160
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-21.78% / 95.53%
||
7 Day CHG~0.00%
Published-01 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-8973
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8977
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.1||CRITICAL
EPSS-4.32% / 88.44%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_manager_applianceMoonshot Provisioning Manager Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8954
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8972
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8975
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_manager_applianceMoonshot Provisioning Manager Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8983
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-2.69% / 85.27%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8981
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-17.05% / 94.73%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8994
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.37% / 79.43%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-operations_orchestrationHPE Operations Orchestration
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8956
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-13.73% / 94.01%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5808
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-19.46% / 95.17%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-data_protectorData Protector
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5817
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-83.65% / 99.24%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5815
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-61.26% / 98.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5818
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-14.59% / 94.21%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5819
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5816
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-90.38% / 99.58%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5784
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.62%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5783
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.36%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5793
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-2.52% / 84.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (IMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2750
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-15.06% / 94.30%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 16:00
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.

Action-Not Available
Vendor-HP Inc.
Product-j7z08aj8a13a_firmwarecf068af2a68a_firmwarel2683aj7z14acf081ace708acf235a_firmwarej7z11a_firmwareb5l25a_firmwarej8a12ab5l25aj8j78a_firmwarej8a10aj7z98af2a77aj7x28aj8a11a_firmwareb5l26a_firmwaree6b68aj8j76aj8a06al1h45acz251a_firmwarecc419ad3l10aj8j74al2717a_firmwarej7z09a_firmwaref2a81a_firmwaref2a71a_firmwared7p68a_firmwarecf235al3u41a_firmwarecz248a_firmwarecz249a_firmwarej7z07a_firmwarej7z03ace707aj7z13acf067a_firmwareg1w47vj8j80a_firmwareg1w41al3u43a_firmwarece991acd645a_firmwareb3g84ag1w39ab5l06vj8j73a_firmwarecf082ag1w39a_firmwarel3u70ab3g85a_firmwareg1w40vj7z05a_firmwarec2s11v_firmwarecz249acc421a_firmwarej7z98a_firmwarecf066a_firmwaree6b69ab5l23a_firmwarej8j74a_firmwaref2a71am0p36ad3l10a_firmwarea2w75a_firmwarej7z12a_firmwareg1w46vj8j73acf117a_firmwarej8a17al3u42a_firmwarecf116aj8j79ae6b72am0p40ae6b72a_firmwarel3u51aa2w79a_firmwarecz255aa2w76a_firmwarec2s11vj8j66acz250a_firmwarej8j71a_firmwarej8a10a_firmwarej8j63ab5l46a_firmwarece990ab5l49aa2w77ad7p73al1h45a_firmwarek0q21ac2s12v_firmwarem0p39a_firmwareg1w40ak0q22ace991a_firmwareb5l04vb3g85aa2w75acd644a_firmwarej7z13a_firmwarecz244a_firmwarec2s12al3u42al3u55a_firmwarecz245af2a70a_firmwarek0q17acz251aj7z06a_firmwareg1w47a_firmwaree6b70a_firmwarecz248al3u59a_firmwarece989a_firmwarej7z11af2a68ag1w40a_firmwarej7z03a_firmwarej7x28a_firmwarek0q18a_firmwarece707a_firmwared7p71a_firmwarek0q14a_firmwarece708a_firmwarecf069aa2w78a_firmwarek0q19acc419a_firmwarecz255a_firmwarej7z10ag1w41vd3l09a_firmwarecc420a_firmwaree6b67aj8j71ace990a_firmwarece989al3u43aj8a04a_firmwarek0q21a_firmwarece992al3u52a_firmwarecd645aj7z14a_firmwarecf367a_firmwarece738acf068a_firmwarej8j80ad7p73a_firmwarea2w78ab5l54a_firmwareb5l48a_firmwarecz257a_firmwarea2w79ad7p71v_firmwarej8j66a_firmwarea2w76aj8a06a_firmwarecf236acf083a_firmwarel2683a_firmwarej7z09ace504ag1w41v_firmwaref2a69al3u60aj8j72a_firmwarecz245a_firmwarece709al3u41al3u56a_firmwarej7z04a_firmwarej8j65a_firmwareg1w47v_firmwarec2s11am0p40a_firmwaree6b71a_firmwarece993acf069a_firmwaree6b73a_firmwarez5g79am0p33aj8a13am0p35acz250ad7p68ace504a_firmwarel3u44a_firmwarec2s12a_firmwareb5l24a_firmwarece996a_firmwarel3u70a_firmwarecf238a_firmwarej8j64aj7z04acf118acd646a_firmwarej7z07acf236a_firmwared7p71vl2762a_firmwarej8j70af2a69a_firmwaree6b67a_firmwarej7z99ab5l07ag1w46v_firmwared3l08a_firmwarek0q20a_firmwarej7z10a_firmwareb5l07a_firmwaree6b68a_firmwarej7z05acz258a_firmwarej8a17a_firmwareb5l05acz244aj8a12a_firmwarecc421acf067ab5l06ak0q15a_firmwarek0q18ab5l50ag1w39v_firmwareb5l04ace709a_firmwarek0q17a_firmwareg1w39vf2a76ae6b69a_firmwareb3g84a_firmwarem0p35a_firmwarez5g77a_firmwarel3u59aj8j72ace995a_firmwarecf117aj7z08a_firmwarecf118a_firmwarej7z12ae6b70al3u51a_firmwarel3u44ace738a_firmwarece995acf066aj8a05a_firmwarece996acz257al3u55ab5l04a_firmwarek0q15al3u66a_firmwarek0q19a_firmwarea2w77a_firmwarej7z99a_firmwarecz256a_firmwareb5l05vb5l06a_firmwarel3u60a_firmwarej8a05ace994ab5l06v_firmwaree6b73aj8j64a_firmwarej8j76a_firmwareb5l47ab5l48af2a81ab5l50a_firmwareb5l49a_firmwarece993a_firmwarej8j63a_firmwarel3u56al3u40a_firmwareb5l54al3u65acd644am0p33a_firmwarecf238az5g77ab5l46ac2s12v-d3l08acz258am0p36a_firmwareg1w46a_firmwarel2762aj8j70a_firmwarec2s11a_firmwaree6b71aj8a11af2a76a_firmwarece503a_firmwareb5l05a_firmwarecf083af2a77a_firmwarecf082a_firmwarel3u52acd646ag1w40v_firmwarel3u65a_firmwarej7z06aj8j65al3u66ab5l24acf116a_firmwareb3g86ab3g86a_firmwarem0p39ag1w41a_firmwareb5l04v_firmwarece992a_firmwarej8a04ab5l23ad3l09aj8j78acz256ak0q20ak0q22a_firmwarek0q14ace503ad7p71acf081a_firmwareg1w47acc420aj8j79a_firmwareg1w46ace994a_firmwareb5l26al2717ab5l05v_firmwarez5g79a_firmwaref2a70al3u40ab5l47a_firmwarecf367aHP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3733
Matching Score-6
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-6
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-5.78% / 90.14%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Encrypt-Then-Mac renegotiation crash

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

Action-Not Available
Vendor-OpenSSLHP Inc.
Product-openssloperations_agentOpenSSL
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4812
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-74.00% / 98.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4811
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-83.54% / 99.24%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-22 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3573
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-0.91% / 74.79%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_diagnosticsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3575
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-15.58% / 94.42%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_diagnosticsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3574
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-14.79% / 94.25%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_diagnosticsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6501
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 67.91%
||
7 Day CHG~0.00%
Published-12 Jan, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process.

Action-Not Available
Vendor-n/aHP Inc.
Product-pki_activex_controln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47158
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 8.74%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 20:05
Updated-30 May, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationHP Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3011
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.60% / 68.51%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 17:46
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2004
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.3||HIGH
EPSS-1.64% / 81.19%
||
7 Day CHG~0.00%
Published-02 May, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windows_server_2008windows_server_2003windows_2003_serverinsight_management_agentsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2002
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.3||HIGH
EPSS-1.21% / 78.17%
||
7 Day CHG~0.00%
Published-02 May, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-snmp_agents_for_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-45177
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.93%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 17:29
Updated-03 Jul, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.

Action-Not Available
Vendor-Microsoft CorporationIBM CorporationLinux Kernel Organization, IncOracle CorporationHP Inc.
Product-solarisaixhp-uxlinux_kernellinux_on_ibm_ziwindowsmqMQ
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1853
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-15.65% / 94.44%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2405
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-1.44% / 79.92%
||
7 Day CHG~0.00%
Published-11 Aug, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_sl_advanced_power_managerproliant_sl_advanced_power_manager_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1849
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-11.81% / 93.45%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2697
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.47% / 80.15%
||
7 Day CHG~0.00%
Published-29 Jul, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.

Action-Not Available
Vendor-n/aHP Inc.
Product-linux_imaging_and_printing_projectn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1538
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.21% / 43.37%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_support_packn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0922
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-82.01% / 99.16%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0921
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.71% / 88.95%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0923
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-89.89% / 99.55%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12524
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-3.40% / 86.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12519
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-3.40% / 86.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12497
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-3.40% / 86.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12506
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-3.40% / 86.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12525
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-3.40% / 86.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found