Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-4830

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-16 Oct, 2013 | 10:00
Updated At-16 Sep, 2024 | 19:36
Rejected At-
Credits

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:16 Oct, 2013 | 10:00
Updated At:16 Sep, 2024 | 19:36
Rejected At:
▼CVE Numbering Authority (CNA)

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
vendor-advisory
x_refsource_HP
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
vendor-advisory
x_refsource_HP
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
Resource:
vendor-advisory
x_refsource_HP
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
vendor-advisory
x_refsource_HP
x_transferred
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:16 Oct, 2013 | 10:52
Updated At:29 Apr, 2026 | 01:13

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
HP Inc.
hp
>>service_manager>>9.30
cpe:2.3:a:hp:service_manager:9.30:*:*:*:*:*:*:*
HP Inc.
hp
>>service_manager>>9.31
cpe:2.3:a:hp:service_manager:9.31:*:*:*:*:*:*:*
HP Inc.
hp
>>service_manager>>9.32
cpe:2.3:a:hp:service_manager:9.32:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916hp-security-alert@hp.com
Vendor Advisory
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03960916
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1127Records found
CVE-2011-2404
Matching Score-10
Assigner-HP Inc.
ShareView Details
Matching Score-10
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-80.08% / 99.12%
||
7 Day CHG~0.00%
Published-11 Aug, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.

Action-Not Available
Vendor-n/aHP Inc.
Product-easy_printer_care_softwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0213
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.92% / 89.66%
||
7 Day CHG~0.00%
Published-07 Feb, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-virtual_roomsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-4391
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-38.64% / 97.27%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-06 Aug, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-arcsight_winc_connectorHP ArcSight WINC Connector
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5604
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-20.10% / 95.51%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.

Action-Not Available
Vendor-n/aHP Inc.
Product-instant_supportn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5607
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-16.67% / 94.95%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.

Action-Not Available
Vendor-n/aHP Inc.
Product-instant_supportn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-1986
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 79.86%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aHP Inc.
Product-continuous_delivery_automationn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-7074
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-32.93% / 96.92%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerHPE Intelligent Management Center (IMC)
CVE-2008-0214
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 80.75%
||
7 Day CHG~0.00%
Published-08 Feb, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-select_identityn/a
CVE-2014-2638
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-4.84% / 89.57%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.

Action-Not Available
Vendor-n/aHP Inc.
Product-sprintern/a
CVE-2005-2773
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-89.82% / 99.58%
||
7 Day CHG~0.00%
Published-02 Sep, 2005 | 04:00
Updated-16 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/aOpenView Network Node Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2005-2552
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.78%
||
7 Day CHG~0.00%
Published-12 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down."

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl585n/a
CVE-2018-7072
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.30%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_managerHPE Moonshot Provisioning Manager
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2005-1826
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.89% / 90.63%
||
7 Day CHG~0.00%
Published-02 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.

Action-Not Available
Vendor-n/aHP Inc.
Product-radia_clientn/a
CVE-2004-1811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.97%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.

Action-Not Available
Vendor-n/aHP Inc.
Product-ssl_http_servern/a
CVE-2018-7120
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 77.37%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 18:22
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-synergy_firmwaresynergyHPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy
CVE-2018-7096
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-3.21% / 87.09%
||
7 Day CHG-0.28%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_providerHPE 3PAR Service Processors
CVE-2013-2369
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-5.87% / 90.61%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.

Action-Not Available
Vendor-n/aHP Inc.
Product-loadrunnern/a
CVE-2004-1082
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.65% / 90.40%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

Action-Not Available
Vendor-scon/aOpenBSDThe Apache Software FoundationApple Inc.HP Inc.IBM CorporationAvaya LLCSun Microsystems (Oracle Corporation)
Product-intuity_audix_lxopenserversunosnetwork_routingsolariswebproxyvirtualvaulthttp_servercommunication_managermn100modular_messaging_message_storage_serverapache_mod_digest_appleopenbsdn/a
CVE-2004-0951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 84.67%
||
7 Day CHG~0.00%
Published-19 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information.

Action-Not Available
Vendor-n/aHP Inc.
Product-ignite-uxn/a
CVE-2020-7200
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-85.54% / 99.38%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 22:14
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managerHPE Systems Insight Manager (SIM)
CVE-2004-1480
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.46%
||
7 Day CHG~0.00%
Published-13 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.

Action-Not Available
Vendor-n/aHP Inc.
Product-storageworks_command_viewn/a
CVE-2018-5924
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-17.35% / 95.08%
||
7 Day CHG-1.22%
Published-13 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.

Action-Not Available
Vendor-HP Inc.
Product-3yz74a_firmwared3q15am2u76_firmwared9l19a_firmwared4h22a_firmwaret3p03a_firmwaret0a23acq891arj6x76a_firmwared9l64a_firmwarej9v82af8b06a_firmwarek7s42a_firmwarecq890arf5s00cq176ab9s58aw1b38g0450_firmwaret0k98ad3a82ad3q17c_firmwaren4l17a_firmwarej9v80a_firmwarecz993a_firmwaret0g56aw1b37_firmwarecq890ccq893e_firmwarea7f65a_firmwarecq891c_firmwarek4t99bcq893bf0v64z4b12_firmwared3q20acm749acn459a_firmwaret3p03aw1b39_firmwarek7v42c_firmwaref5s43_firmwarey0s18ad3q15bf5s65ak9z76aj7a31a_firmwarecn583a_firmwaret3p04aj6x76af5s60am2u81w3u23d7z36a_firmwarej2d37acm750a_firmwarey5h80ae1d36ae1d36a_firmwarem2u85_firmwarey0s19a_firmwarel9d57ag1x85acq893c_firmwarecq176a_firmwarey5h80a_firmwarecq891ar_firmwarecn461a_firmwarex3b09aj6u63_firmwarek7v35v1n08acq890ar_firmwared3q21d_firmwarep0r21a_firmwarea9t80af1h96_firmwarecq891cd4j85bj6u55a_firmwarecr771a_firmwarea9t80b_firmwarew3u25_firmwaree4w43f0v64_firmwarej6u55d_firmwared3q15df5r96a_firmwarew1b33_firmwarecz283a_firmwarecz152a_firmwarecr771acm750a1jl02bd3q19da7f66ad3q19aa9t80bg0450f5r95f8b04am9l70a_firmwaree4w43_firmwarez4b53a_firmwarem2q28a_firmwarez4b12x3b09a_firmwaret8w35a_firmwaren4l17aj2d37a_firmwareg0v47d3q16aj9v87a_firmware1jl02b_firmwaref8b09w3u25t0g25az4b56a_firmwarecz282a_firmwarem9l80acv136acm749a_firmwarev1n01a4sc29aw1b31_firmwarek9h48_firmwaref0m65an4l18ccz276ae3e02ad3q21d1jl02a_firmwaref9a29bc9s13acq890c_firmwaret0f28a_firmwarev1n01a_firmwarea9u28b_firmwarem2u86j7k34a_firmware1dt61a_firmwared4j74t1q00d9l63a_firmwared4h21a_firmwaref9a28a_firmwarecq890a_firmwarez4b53at8x44_firmwaret5d67acq183a_firmwareb9s57cd7z36acn460acq891bf8b05acz025at0g50ak7c84_firmwarev1n02am9l70at8x39_firmwared3q17a_firmwaree3e03acv037aj9v82d_firmwaret0g45acq176k7g18a_firmwaret5d66a_firmwarek7s37a_firmware3yz74acn583aj6u55df1j00w1b33j6u55b_firmwaret6t77a3aw51ad3q15b_firmwarej6x80ad4h21aa9t89av1n02a_firmwarecn598a_firmwarej9v82bcq890ej9v82a_firmwarem2u76cv136a_firmwaret8w35af9a29aa7f65ad9l64ae1d34am9l73af8b06acn216a_firmwarea9u23b4l03m2u85cn581ad3q15a_firmwarecn577a_firmwared7z37at0g25a_firmwarecx042_firmwarej7k33a_firmwarej6u69_firmwarek7v42cd3q20b_firmwarecq893a_firmwarecz045az4b56af9a28b_firmwarez4a54p4c78a_firmwarey3z46f9d36_firmwarecq893ar_firmwarej3p68a_firmwaret3p04a_firmwarem9l81aj9v87ak9t013aw44ab9s58a_firmwared3a78bb4l08a_firmwarecn577az6z97a_firmwarej6u69cz276a_firmwarecq893ea9j411jl02a2nd31af1h96d4h25a_firmwarecq893c2nd31a_firmwareb9s76a9j40acn581a_firmwared3q16a_firmwarecz283ad3p93a_firmwaref9a29a_firmwarem2u86_firmwarej6u59_firmwarek7s34a_firmwareg3j47aj9v80af8b05a_firmwaret5d66af8b12a_firmwarecr768af8b09_firmwarek7g93a_firmwarem2u91_firmwarem9l73a_firmwarek7g93aa9u28bj7a28acq890bf5r96af8b13a_firmwarey5h60a_firmwaret0g56a_firmwarek4u04b_firmware1dt61ak9u05b_firmwarej7k34acx042d3q21ay3z57_firmwarecq176_firmwarey3z44cx017aj6x80a_firmwaref5r95_firmwarej6u55ay3z47e3e02a_firmwaref9a28bj9v86ae3e03a_firmwarecz992a_firmwarek9z76a_firmwarey5h60acq890e_firmwarem2u91d3q17ccn463a_firmwarecq891az6z11ag1w52af9a29b_firmwared3a82a_firmwarej5t77a_firmwaref0m65a_firmwarem2u751sh08cz992a4uj28b_firmwarecr769ak9z76dp4c78ay5z00acr7770a_firmwared3p93am9l65ad3q19a_firmwareg0v48c_firmwaret1q00_firmwaref5s57a_firmwarej9v82ccn459aa9u19ag0v48b_firmwarej5t77ab9s56a_firmwarew3u23_firmwarez4b07a_firmwarem9l80a_firmwarecx017a_firmwarez6z11a_firmwarej6u59j7k33aj7a28a_firmwarek7g86_firmwarecv037a_firmwarek9h57_firmwareb9s76_firmwaref0v67j9v80b_firmware1sh08_firmwareb9s57c_firmwarecz282al9b95ad9l18ad3q20dcn463al8l91a_firmwared3q20c_firmwaret8w51a_firmwaret0g50a_firmwarej6u63m2q28at0f29acz293ad3q16c_firmwarej6u55c_firmwarecr768a_firmwaren9m07ak9h48cq761ad9l18a_firmwaret8x44cz294a_firmwarem9l81a_firmwarey3z44_firmwarecq893an4l14c_firmwared3q17dk9t01_firmwarey3z46_firmwaret6t77a_firmwarecz292a_firmwarez4a54_firmwaref0v63_firmwared9l63ad3q16d_firmwarecq891a_firmwarej6u55ccz045a_firmwaree2d42a_firmwaref0v63z4b07ak9v76j7a31ak7g86d9l20ab4l03_firmwarea9u19a_firmwarecq890aj9v82b_firmwarecn216af5s60a_firmwared4h22acr769a_firmwareb9s56an4k99ck4u04bf5s57aj9v86a_firmwaref5s00_firmwarea9j40a_firmwarej6u57bt1p36_firmwarea9j41_firmwarew1b31g5j38a_firmwarecq761a_firmwarecn460a_firmwaree1d34a_firmwaref1h97cz152ab4l08ag1w52a_firmwared4h24b_firmwarey5z00a_firmwared3q21cg3j47a_firmwarel8l91aj9v80bd3q17acr7770am9l65a_firmwaret0g45a_firmwarew1b37f8b13ay3z47_firmwared3a78b_firmwarej9v82c_firmwarey3z54cq890dt0f28ay3z54_firmwarey0s18a_firmware4sc29a_firmwaret5d67a_firmwaret1p36cz293a_firmwared3q17d_firmwarecn461acq890d_firmwaren4l18c_firmwarek9v76_firmwarecz292al9b95a_firmwarecq890b_firmwaref9a28ak4t99b_firmwarew1b38_firmwarecz284at0k98a_firmwared3q16cf5s65a_firmwarel9d57a_firmwarec9s13a_firmwarek9z76d_firmware3aw51a_firmwared3q15d_firmwarej3p68ay0s19at0g54ak7s42acz993acz284a_firmwarea9t89a_firmwared3q19d_firmwaret0g70acq893b_firmwaret1p99n4k99c_firmwared3q20a_firmwaref8b04a_firmwarey3z45_firmwarej6u57b_firmwarez6z95ad7z37a_firmwarev1n08a_firmware4uj28bcq891b_firmwaret0g54a_firmwarek7s34ad3q16bk9h57e2d42ak7v35_firmwaret8w51af1h97_firmwarek7g18acz025a_firmwarez6z97ag0v47_firmwared9l20a_firmware3aw44a_firmwarey3z57n9m07a_firmwared9l19aa7f66a_firmwarem2u81_firmwarej6u55ba9u23_firmwaref9d36d3q21a_firmwaren4l14ck7c84d3q20d_firmwaref5s43p0r21aa7f64a_firmwaret0f29a_firmwarea7f64aa9t80a_firmwarecq893arcq183ad3q16df1j00_firmwaret8x39g0v48bcn598ay3z45d3q21c_firmwaref8b12av6d27v6d27_firmwarew1b39f0v67_firmwarem2u75_firmwarek9u05bj9v82dz6z95a_firmwaret0a23a_firmwared4j85b_firmwareg5j38at1p99_firmwaret0g70a_firmwared4h25ak7s37ag1x85a_firmwarecz294ad3q20bd4j74_firmwared3q16b_firmwared3q20cg0v48cd4h24bHP inkjet printers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5923
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 81.46%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 15:15
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.

Action-Not Available
Vendor-HPHP Inc.
Product-color_laserjet_managed_flow_mfp_e87660zcolor_laserjet_managed_mfp_e87640dn_firmwareofficejet_enterprise_color_x555dnlaserjet_enterprise_mfp_m633fh_firmwarelaserjet_enterprise_mfp_m631dn_firmwarelaserjet_enterprise_color_flow_mfp_m575c_firmwarelaserjet_managed_mfp_e82560dn_firmwarepagewide_enterprise_color_x556dnpagewide_managed_color_e75160dncolor_laserjet_managed_mfp_e77825_firmwarecolor_laserjet_managed_mfp_e67560dhpagewide_managed_color_mfp_e77650dnlaserjet_enterprise_flow_m830z_mfpcolor_laserjet_enterprise_m652n_firmwarecolor_laserjet_enterprise_m552color_laserjet_managed_flow_mfp_e67550flaserjet_enterprise_m4555_mfp_firmwarelaserjet_enterprise_flow_mfp_m632zcolor_laserjet_enterprise_m653dnlaserjet_managed_e60075dnlaserjet_managed_flow_mfp_e62575z_firmwarepagewide_enterprise_color_x556xhcolor_laserjet_m680pagewide_enterprise_color_mfp_586flaserjet_enterprise_flow_mfp_m633z_firmwarelaserjet_managed_mfp_e72525_firmwarecolor_laserjet_enterprise_flow_mfp_m681z_firmwarelaserjet_enterprise_m608dh_firmwarecolor_laserjet_managed_mfp_e67550dh_firmwarelaserjet_managed_e60055dn_firmwarecolor_laserjet_managed_e55040dw_firmwarelaserjet_enterprise_600_m603xhlaserjet_enterprise_700_color_mfp_m775_firmwarelaserjet_enterprise_700_color_mfp_m775laserjet_managed_e60075dn_firmwarecolor_laserjet_managed_mfp_e87650_firmwarecolor_laserjet_managed_mfp_e87660dn_firmwarelaserjet_enterprise_mfp_m630_firmwarelaserjet_enterprise_m609dn_firmwarelaserjet_enterprise_m604color_laserjet_managed_mfp_e57540dn_firmwarelaserjet_enterprise_mfp_m725pagewide_managed_color_flow_mfp_e77660dn_firmwarepagewide_managed_color_flow_mfp_e77660zcolor_laserjet_enterprise_m653xlaserjet_enterprise_m607dnlaserjet_managed_flow_mfp_e52545cpagewide_managed_color_flow_mfp_e77660zspagewide_managed_color_mfp_e58650dn_firmwarelaserjet_enterprise_500_mfp_m525flaserjet_enterprise_600_m603xh_firmwarescanjet_enterprise_8500_document_capture_workstation_firmwarecolor_laserjet_managed_flow_mfp_e87660z_firmwarecolor_laserjet_managed_flow_mfp_e77822laserjet_managed_mfp_e72530color_laserjet_managed_mfp_e77825color_laserjet_enterprise_flow_mfp_m681fpagewide_managed_color_mfp_e58650dncolor_laserjet_managed_flow_mfp_e67560z_firmwarecolor_laserjet_cp5525laserjet_enterprise_m608n_firmwarelaserjet_enterprise_m608dnlaserjet_managed_e60065x_firmwarelaserjet_managed_e60075xcolor_laserjet_managed_e65060x_firmwarelaserjet_enterprise_800_color_m855officejet_enterprise_color_x555xh_firmwarelaserjet_managed_flow_mfp_e72530color_laserjet_managed_e65060xcolor_laserjet_managed_flow_mfp_e87640_firmwarecolor_laserjet_enterprise_m652npagewide_managed_color_flow_mfp_e77660dnofficejet_enterprise_color_mfp_x585_firmwarepagewide_managed_color_flow_mfp_e77650zcolor_laserjet_enterprise_flow_mfp_m681f_firmwarepagewide_enterprise_color_flow_mfp_586z_firmwarelaserjet_enterprise_mfp_m632hlaserjet_managed_mfp_e62555dn_firmwarelaserjet_managed_e50045dw_firmwarecolor_laserjet_enterprise_m553_firmwarecolor_laserjet_enterprise_m651laserjet_enterprise_500_color_mfp_m575dn_firmwarelaserjet_enterprise_m608dn_firmwarecolor_laserjet_managed_flow_mfp_e77825color_laserjet_enterprise_m653x_firmwarecolor_laserjet_enterprise_m750color_laserjet_cm4540_mfppagewide_managed_color_flow_mfp_e77650z_firmwarecolor_laserjet_cp5525_firmwarelaserjet_managed_mfp_e72530_firmwarelaserjet_managed_mfp_e82550_firmwarepagewide_enterprise_color_mpf_785f_firmwarecolor_laserjet_enterprise_mfp_m681fcolor_laserjet_managed_flow_mfp_e87650_firmwarelaserjet_enterprise_m806_firmwarecolor_laserjet_managed_flow_mfp_e77830zcolor_laserjet_enterprise_m750_firmwarecolor_laserjet_m680_firmwarelaserjet_managed_mfp_e72535dnlaserjet_managed_flow_mfp_e82550laserjet_enterprise_color_500_m551_firmwarelaserjet_managed_flow_mfp_e62555dnlaserjet_enterprise_mfp_m725_firmwarelaserjet_enterprise_600_m601_firmwarepagewide_managed_color_e55650dncolor_laserjet_managed_mfp_e67550dhpagewide_enterprise_color_mpf_780dn_firmwarecolor_laserjet_enterprise_m652dn_firmwarelaserjet_enterprise_m609dhlaserjet_enterprise_600_m602pagewide_managed_color_flow_mfp_e77660zts_firmwarelaserjet_enterprise_flow_mfp_m631hpagewide_managed_color_mfp_e77650dn_firmwarelaserjet_enterprise_m605laserjet_enterprise_m606laserjet_managed_e60065dnofficejet_enterprise_color_mfp_x585laserjet_enterprise_m605_firmwarelaserjet_enterprise_800_color_m855_firmwarecolor_laserjet_enterprise_m552_firmwarelaserjet_enterprise_mfp_m633fhcolor_laserjet_managed_e65060dn_firmwarelaserjet_managed_e50045dwpagewide_enterprise_color_mpf_785zspagewide_managed_color_flow_mfp_e77650zs_firmwarelaserjet_enterprise_m608dhdigital_sender_flow_8500_fn2_document_capture_workstation_firmwarecolor_laserjet_managed_flow_mfp_e77825_firmwarecolor_laserjet_enterprise_m653dh_firmwarelaserjet_managed_flow_mfp_e62565hcolor_laserjet_enterprise_m653dhscanjet_enterprise_flow_n9120_document_flatbed_scannercolor_laserjet_managed_flow_mfp_e57540c_firmwarelaserjet_managed_flow_mfp_e72525_firmwareofficejet_enterprise_color_flow_mfp_x585_firmwarecolor_laserjet_managed_flow_mfp_e67550f_firmwarelaserjet_managed_mfp_e62565hscolor_laserjet_managed_mfp_e77830dncolor_laserjet_managed_mfp_e77822laserjet_enterprise_mfp_m527_firmwarepagewide_managed_color_mfp_e77650dnspagewide_managed_color_flow_mfp_e58650zlaserjet_enterprise_700_m712xh_firmwarelaserjet_managed_flow_mfp_e82560z_firmwarelaserjet_enterprise_m607nlaserjet_managed_mfp_e82560dnlaserjet_enterprise_mfp_m527laserjet_enterprise_mfp_m631z_firmwarelaserjet_enterprise_mfp_m632fht_firmwarelaserjet_managed_mfp_e52545dnlaserjet_managed_e60065dn_firmwarecolor_laserjet_enterprise_mfp_m681dh_firmwarelaserjet_enterprise_flow_mfp_m632z_firmwarepagewide_managed_color_mfp_e77650dns_firmwarepagewide_managed_color_e55650dn_firmwarecolor_laserjet_cm4540_mfp_firmwarepagewide_enterprise_color_mfp_586dn_firmwarelaserjet_enterprise_flow_mfp_m633zlaserjet_enterprise_m607n_firmwarepagewide_enterprise_color_mfp_586f_firmwarelaserjet_enterprise_m609x_firmwarescanjet_enterprise_flow_n9120_document_flatbed_scanner_firmwarelaserjet_enterprise_800_color_mfp_m880_firmwarelaserjet_enterprise_m608xlaserjet_managed_flow_mfp_e72530_firmwarecolor_laserjet_managed_flow_mfp_e67560zcolor_laserjet_managed_e55040dwcolor_laserjet_managed_mfp_e87640laserjet_managed_flow_mfp_e82540color_laserjet_managed_flow_mfp_e87640laserjet_managed_flow_mfp_e62565h_firmwarecolor_laserjet_enterprise_m652dnlaserjet_managed_mfp_e82540_firmwarelaserjet_enterprise_800_color_mfp_m880pagewide_enterprise_color_x556xh_firmwarepagewide_enterprise_color_flow_mfp_586zcolor_laserjet_managed_flow_mfp_e87640zlaserjet_enterprise_500_color_mfp_m575dnpagewide_enterprise_color_mfp_586dnlaserjet_managed_e60075x_firmwareofficejet_enterprise_color_flow_mfp_x585laserjet_managed_flow_mfp_e72535zlaserjet_managed_flow_mfp_e82540_firmwarelaserjet_enterprise_m609dh_firmwarelaserjet_managed_flow_mfp_e62565zcolor_laserjet_managed_flow_mfp_e77830z_firmwarecolor_laserjet_enterprise_mfp_m577laserjet_managed_flow_mfp_e62555dn_firmwarelaserjet_enterprise_m607dn_firmwarelaserjet_managed_mfp_e72525laserjet_managed_flow_mfp_e72525pagewide_enterprise_color_mpf_785flaserjet_enterprise_m608x_firmwarelaserjet_enterprise_m604_firmwarepagewide_enterprise_color_765dncolor_laserjet_managed_mfp_e77830dn_firmwarelaserjet_managed_e60065xcolor_laserjet_managed_flow_mfp_e87640z_firmwarelaserjet_enterprise_m609dnlaserjet_enterprise_700_m712xhcolor_laserjet_managed_mfp_e67560dh_firmwarelaserjet_managed_flow_mfp_e52545c_firmwarelaserjet_managed_mfp_e62565hs_firmwarelaserjet_managed_flow_mfp_e72535z_firmwarelaserjet_enterprise_mfp_m630laserjet_enterprise_600_m602_firmwarelaserjet_enterprise_mfp_m631dnlaserjet_managed_flow_mfp_e82560zcolor_laserjet_managed_e65050dn_firmwareofficejet_enterprise_color_x555dn_firmwarecolor_laserjet_managed_e65050dnpagewide_managed_color_flow_mfp_e77660zs_firmwarecolor_laserjet_enterprise_mfp_m681dhcolor_laserjet_enterprise_m651_firmwarelaserjet_enterprise_m608ncolor_laserjet_managed_flow_mfp_e87650pagewide_managed_color_e75160dn_firmwarelaserjet_enterprise_color_500_m551laserjet_enterprise_flow_mfp_m631h_firmwarepagewide_managed_color_flow_mfp_e77660ztslaserjet_enterprise_color_flow_mfp_m575cpagewide_enterprise_color_mpf_780fpagewide_enterprise_color_mpf_780f_firmwarepagewide_managed_color_flow_mfp_e58650z_firmwarecolor_laserjet_managed_e65060dncolor_laserjet_enterprise_mfp_m577_firmwarelaserjet_enterprise_m806color_laserjet_enterprise_flow_mfp_m682z_firmwarecolor_laserjet_managed_mfp_e57540dncolor_laserjet_enterprise_mfp_m682dhlaserjet_managed_flow_mfp_e82550_firmwaredigital_sender_flow_8500_fn2_document_capture_workstationcolor_laserjet_managed_mfp_e87640_firmwarelaserjet_enterprise_m4555_mfpcolor_laserjet_managed_flow_mfp_e77822_firmwarelaserjet_enterprise_m506laserjet_enterprise_500_mfp_m525f_firmwarepagewide_managed_color_flow_mfp_e77650zscolor_laserjet_managed_flow_mfp_e57540ccolor_laserjet_managed_mfp_e77822_firmwarepagewide_managed_color_flow_mfp_e77660z_firmwarecolor_laserjet_enterprise_mfp_m682dh_firmwarepagewide_enterprise_color_mpf_785zs_firmwarelaserjet_enterprise_mfp_m632h_firmwarelaserjet_enterprise_m609xcolor_laserjet_enterprise_flow_mfp_m682zlaserjet_managed_mfp_e82550laserjet_enterprise_flow_m830z_mfp_firmwarelaserjet_managed_mfp_e62555dnlaserjet_enterprise_flow_mfp_m525claserjet_enterprise_flow_mfp_m630z_firmwarelaserjet_managed_mfp_e72535dn_firmwarelaserjet_enterprise_mfp_m631zscanjet_enterprise_8500_document_capture_workstationpagewide_enterprise_color_mpf_780dncolor_laserjet_enterprise_mfp_m681f_firmwarecolor_laserjet_enterprise_flow_mfp_m681zlaserjet_managed_mfp_e82540pagewide_enterprise_color_765dn_firmwarepagewide_enterprise_color_x556dn_firmwarecolor_laserjet_managed_mfp_e87640dnofficejet_enterprise_color_x555xhcolor_laserjet_enterprise_m553color_laserjet_managed_mfp_e87660dnlaserjet_enterprise_600_m601laserjet_managed_e60055dncolor_laserjet_enterprise_m653dn_firmwarelaserjet_managed_flow_mfp_e62575zlaserjet_enterprise_flow_mfp_m630zlaserjet_managed_mfp_e52545dn_firmwarelaserjet_managed_flow_mfp_e62565z_firmwarelaserjet_enterprise_flow_mfp_m525c_firmwarecolor_laserjet_managed_mfp_e87650laserjet_enterprise_m606_firmwarelaserjet_enterprise_m506_firmwarelaserjet_enterprise_mfp_m632fhtHP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-28623
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 69.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 12:39
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)HP Inc.Red Hat, Inc.
Product-enterprise_linuxicewall_sso_certdhp-uxHPE IceWall SSO
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28616
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 65.69%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 20:04
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2003-0951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-18 Nov, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2022-28617
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 65.63%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:59
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CVE-2003-0064
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 75.30%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Action-Not Available
Vendor-n/aHP Inc.IBM CorporationSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)
Product-sunosirixsolarishp-uxaixn/a
CVE-2003-0028
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-56.05% / 98.12%
||
7 Day CHG~0.00%
Published-21 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Action-Not Available
Vendor-openafscrayn/aOpenBSDHP Inc.IBM CorporationSilicon Graphics, Inc.MIT (Massachusetts Institute of Technology)FreeBSD FoundationGNUSun Microsystems (Oracle Corporation)
Product-openafssunosirixsolarishp-ux_series_700hp-ux_series_800glibcfreebsdhp-uxaixunicoskerberos_5openbsdn/a
CVE-2002-1605
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-44.01% / 97.56%
||
7 Day CHG~0.00%
Published-25 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxtru64n/a
CVE-2002-0763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.80%
||
7 Day CHG~0.00%
Published-26 Jul, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.

Action-Not Available
Vendor-n/aHP Inc.
Product-virtualvaultn/a
CVE-2002-1408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 76.05%
||
7 Day CHG~0.00%
Published-18 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_emanate_snmp_agentvvosn/a
CVE-2002-0836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.13% / 94.39%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Action-Not Available
Vendor-n/aHP Inc.Red Hat, Inc.Mandriva (Mandrakesoft)
Product-secure_osmandrake_linuxlinuxn/a
CVE-2002-0677
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.94% / 94.58%
||
7 Day CHG~0.00%
Published-12 Jul, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

Action-Not Available
Vendor-compaqxi_graphicsn/aHP Inc.IBM CorporationSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)The MITRE Corporation (Caldera)
Product-sunosdextopirixsolaristru64hp-uxunixwareaixopenunixn/a
CVE-2002-1317
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-50.96% / 97.88%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Action-Not Available
Vendor-xfree86_projectn/aHP Inc.Sun Microsystems (Oracle Corporation)Silicon Graphics, Inc.
Product-sunosx11r6irixsolarishp-uxn/a
CVE-2002-1048
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.28% / 93.21%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetdirectn/a
CVE-2001-1563
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.98% / 89.73%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.

Action-Not Available
Vendor-n/aThe Apache Software FoundationHP Inc.
Product-secure_ostomcatn/a
CVE-2002-0250
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.09% / 91.56%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

Action-Not Available
Vendor-n/aHP Inc.
Product-advancestack_10base-t_switching_hub_j3210aadvancestack_10base-t_switching_hub_j3201aadvancestack_10base-t_switching_hub_j3203aadvancestack_10base-t_switching_hub_j3202aadvancestack_10base-t_switching_hub_j3204aadvancestack_10base-t_switching_hub_j3205aadvancestack_10base-t_switching_hub_j3200an/a
CVE-2001-1039
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.55%
||
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetadminn/a
CVE-2001-0668
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.42% / 80.66%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2001-0608
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 71.72%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.

Action-Not Available
Vendor-n/aHP Inc.
Product-mpen/a
CVE-2001-0978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.29% / 79.76%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-1324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 73.17%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvms_vaxn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-1999-1163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.41%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.

Action-Not Available
Vendor-n/aHP Inc.
Product-9000n/a
CVE-1999-1062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.19%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetdirectn/a
CVE-1999-0517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-92.00% / 99.71%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SNMP community name is the default (e.g. public), null, or missing.

Action-Not Available
Vendor-n/aHP Inc.Sun Microsystems (Oracle Corporation)
Product-sunoshp-uxn/a
CVE-1999-0502
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-37.09% / 97.18%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Unix account has a default, null, blank, or missing password.

Action-Not Available
Vendor-n/aHP Inc.Red Hat, Inc.Sun Microsystems (Oracle Corporation)
Product-sunoshp-uxlinuxsolarisn/a
CVE-1999-0057
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.41% / 90.19%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vacation program allows command execution by remote users through a sendmail command.

Action-Not Available
Vendor-eric_allmann/aHP Inc.IBM CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-sunosvvossolarisvacationfreebsdhp-uxaixn/a
CVE-1999-0333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.48% / 81.06%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2013-4801
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.58% / 91.88%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.

Action-Not Available
Vendor-n/aHP Inc.
Product-loadrunnern/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found