Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-4669

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-28 Jun, 2014 | 15:00
Updated At-06 Aug, 2024 | 11:27
Rejected At-
Credits

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:28 Jun, 2014 | 15:00
Updated At:06 Aug, 2024 | 11:27
Rejected At:
▼CVE Numbering Authority (CNA)

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/68200
vdb-entry
x_refsource_BID
http://seclists.org/fulldisclosure/2014/Jun/127
mailing-list
x_refsource_FULLDISC
http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/68200
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/127
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/68200
vdb-entry
x_refsource_BID
x_transferred
http://seclists.org/fulldisclosure/2014/Jun/127
mailing-list
x_refsource_FULLDISC
x_transferred
http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/68200
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/127
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Jun, 2014 | 15:55
Updated At:12 Apr, 2025 | 10:46

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:P/I:N/A:N
CPE Matches
HP Inc.
hp
>>enterprise_maps>>1.00
cpe:2.3:a:hp:enterprise_maps:1.00:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.htmlcve@mitre.org
Exploit
http://seclists.org/fulldisclosure/2014/Jun/127cve@mitre.org
N/A
http://www.securityfocus.com/bid/68200cve@mitre.org
N/A
http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://seclists.org/fulldisclosure/2014/Jun/127af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/68200af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/127
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/68200
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/127
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/68200
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

227Records found
CVE-2013-2322
Matching Score-10
Assigner-HP Inc.
ShareView Details
Matching Score-10
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue.

Action-Not Available
Vendor-n/aHP Inc.
Product-nonstop_sql\/mxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2108
Matching Score-10
Assigner-HP Inc.
ShareView Details
Matching Score-10
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.33%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20579
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 50.31%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 18:45
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CVE-2013-4819
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-icewall_sso_agent_optionn/a
CVE-2012-3268
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-1.79% / 82.86%
||
7 Day CHG~0.00%
Published-01 Feb, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

Action-Not Available
Vendor-n/aHP Inc.Huawei Technologies Co., Ltd.
Product-je528ajd356ajg256a3cr17252taa-91jf242a0231a88ljd242a0235a19d3crbvcxmsr03a0235a19kjf230a0235a0e50235aa2mjf431c3cr17161taa-91jg182aje091ajd967ajf241ajd172ajd447b3cr17258-91jg258a0231a761jd338ajg304a3crs48g-24p-913cr17258taa-913cr17172-913cr17152-91jd654ajg245ajg255ajd671ajd657a3cr17662-913cr17772-91jd320b0235a31bjc150bjd673aje064ajd371a0235a0e63cr17772taa-910235a21p3cs7902eje008aje020a3cr17333a-910235a08fjd318b0235a31qjd029ajd667ajd676ane40e\&80eje059ajg215ajd241b3cs7903e0150a12a3c17302ajd303a0235a10g0235a0g0jd241a0235a0bqjf800a3cr17561-91je066a0235a10f3crs42g-48-910235a25n0235a32bjd666ajc700aje045ajg092a0235a23tjd665a0235a15g0235a42djc148bjd307a0235a398jd469ajf238ajg301a3cr17331taa-91jf809ajd240a0235a38qjf239a0235a20pjd376ajd374aje106a3crs48g-24s-91je021ajd921a0235a0btje092a3crbsg28hpwr93jf240ajg236a0235a3253cr17331a-91jg208aje166ajd302a0235a19bjc101ajd449a3cr17250taa-91jg207a0235a31w0235a17b3cr17254-91jc054a0235a15d3cr17253taa-91je063aje046a0235a37tje069a0235a296jc697ajd009aje013ama5200g0235a2973cs7906evjd661a3cruwx500275je030a0235a38pjg221a0235a34b3cr17661-913c136130231a88ajf231a0235a14w3c17540taa3cr17761-91jd317ajg091ajc124bje057ajg253ajf431a0235a38r0235a22hjd375ajd245a3c13636je009a0235a36q0235a0c4jf812a0235a20qjc104a3c17304ajd674a3crbsg2893jf234ajd378ajd669a0235a0a8je201a0235a31njf229a0235a0g70235a15h3cr17332a-91rtvz33020as0235a0e30235a22elsq1fwbsc03crs48g-24-910235a41d0235a19c0235a21q0235a248jd444ajf430a0235a0gajd275a0235a322jd023ajg238a3crbvcxmsr05a0235a20njf801ajd310ajf552a0235a0bujg311a0235a36njd314ajc125ajg247aje108ajd663ajd922a0235a268je101a3cr17251-91je007a0235a38mjd935ajf553ajd346a0235a42bje551ajr430bjf247a3cr17259-91jd450a0235a3260235a10hjd433ajd943aje094ajd658a3cr17343-913crbvcxmsr06a3c13751jd312aje060a0235a27djd304a3c137590235a22t0235a20vjd663b3crs48g-48-91ne40\&80jg249ajg299a0235a320je200ajd348a3c17543taa3cr17341a-913cr17761taa-910235a23hjd319bjd344ajf551ajd313a0235a32g0235a2990235a0e7jd319a3cr17181-910235a20s0235a20j3crbvcxmsr02ajd332a0235a14vjg223a3cr17250-913crbvcxmsr07a0235a22d0235a10ljg225ajd345a3cr17332-91jc566ajc698ajg303a0235a29ljg478ajg305ajd672ajc158a3c13612je071a3crbvcxmsr01a3cr17771taa-91jd918aje100ame60jf806ajc496ajd349aje029a0235a0geje018a0235a31xjd655ajd010ajd353ajd240bje527ajd357a0235a0c0jg302a3cs7903es0235a15cjg184aje012a0235a08mje526ajc149bjd923ajc086ajd347ajd354a0235a15j0235a22r0235a0gdjd273ajf808ajf844ane200235a31r3c136413c175413cr17762taa-91jf236a0235a26gjc613ajd249a0235a08kjr024ajr431bjd316ajf228a3cr17331-910235a0g2jd373ajd377a3cr17343a-91jf802ajd008a0235a301je102ajd243b0235a38v3cr17671-91je204a0235a27r3cr17172taa-91jc100a3c17541taa3crs42g-24-910235a22kjc103a3cr17151-91je105ajf233ajd243ajd028a3cr17161-913c13616jd274a0235a0bx0235a3900235a35jjd334a0235a2383cr17771-91je074ajd330aje097ajc474ajf817arpe-x1jd193b0235a31ejd370aje198ajd331ajc105ajg210a3crs45g-24-910235a22pje109aje088a0235a0gcjd329a0235a19l0235a2693cr17334-91jd305a0235a38n0235a37xje203ajd313b0235a3970235a09tjd662a0235a0asjd239ajg300ajd251ajf815ajd194a3cs7906ejg241a0235a3943c13840jg315ajd972ajd026aje022a0235a3210235a08hje095a3cr17253-910235a17aje005a0235a31vjd335a3cr17341-910235a0g1jf845a0235a15fjg307ajf814a0235a22fjc611a3cr17251taa-910235a25rjd916ajd326ajd250ajd355a3c175403c136400150a129jd328aje028a0235a237jd668aje033ajc699a3crbvcxmsr08a0235a0g6jc748aje104ajd336a0235a29ajd432a0235a0c2jf235ajc056a0235a10cjd325a0235a0g9jc055ajd431ajf287ajc150ajf285ajd306a3cr17162taa-913cr17162-91jg252a0235a10j0235a3000231a65tje070ajg213ajd320ajf232aje068ajf284a0235a3913cr17333-913cr17571-91jf807aje016ajg348ajd025acx600jd350a0235a327jd193ajc178b0150a12cje026aje015aje199ajd318a0231a86p0235a20rje048a0235a33rje165ajc085a0235a323je089ajd007ajf237a0235a3950235a10bjc666ajg183a3crbsg52933c13701jg240ajg349ajc177ajf803ajd024ajc635ajd220ajf428a3cruwx500475jc612ajc176ajd946ajuc653aje073ajf847a3cr17342-913cr17181taa-91atbje099ajc165aje031ajg239ajf804ajd352a0235a10k0235a0g5je067ajg237ajd238a0235a0a7jd447a3cr17171taa-91jd239bjc694aje062ajc147b3crs48g-48p-910235a32ejd448ajd351ajf283a0235a10d-ma5200gjd268a0235a32x0235a29yjg209ajf286a0235a31pjd011a0235a27q0235a267je168ajg350ajc652ajd664a0235a0g4jg257ajg248a0235a31cjd369ajd379ajd670ane5000eje107a0235a31djd309ajd242blsq1srpd00235a16t0235a21xjd027ajd308a0235a0gfjg059a0235a27s0235a10ejg246aje090ajg222ajc701ajc178ajg251a0235a0g8jd337a0235a0bsje061a0235a3240235a23pjd660a0235a22cjf816ajg312ajd311a3c17543jd448b0235a37u0235a20k0235a0br0235a0ct0235a393je072aje096a3cr17762-91jd468ajd272a0235a39h0231a832jf427a0235a0g3jg254aje167a0235a298je023ajd372aje006a0235a25sjg242ajf813a3crs42g-24p-913crbsg28pwr93lsr1fw2a1jd315a0235a20ljd238bje027ajg250ajf430cje545ajc474b0231a0avjd333ajc149ajd327a0235a15b0235a396jc691ajc125b3cr17341taa-91je110ajf846aje032a3cr17660-91ne20e-x63cr17572-913crbsg20933cr17171-910235a3283crs45g-48-91je093a0235a19hjc147a0235a19jje058ajc177b3cr17562-91je164aatnjd659aje103ajd656ajd917ajc653ajf640ajc148a0235a392jc099ajd675a0150a12bjg214aje025an/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-28638
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.88%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 20:04
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.

Action-Not Available
Vendor-n/aHP Inc.Hewlett Packard Enterprise (HPE)
Product-proliant_xl290n_gen10_plus_serverstoreeasy_1860_storageproliant_dx190r_gen10_serverapollo_n2800_gen10_plusproliant_dl345_gen10_plus_serverproliant_dx385_gen10_plus_serverstorage_performance_file_controllerproliant_xl645d_gen10_plus_serveredgeline_e920_server_bladeapollo_n2600_gen10_plusintegrated_lights-out_5_firmwareproliant_dx380_gen10_plus_serverstoreeasy_1460_storageproliant_e910_server_bladeproliant_dx380_gen10_serverproliant_dl360_gen10_serverproliant_dx560_gen10_serverapollo_r2000_chassisapollo_4200_gen10_plus_systemproliant_dl380_gen10_serverapollo_4200_gen10_serverstoreeasy_1660_performance_storagestorage_file_controllerapollo_r2600_gen10proliant_dl365_gen10_plus_serverproliant_dl360_gen10_plus_serveredgeline_e920d_server_bladeproliant_microserver_gen10_plusproliant_xl675d_gen10_plus_serverproliant_dx170r_gen10_serverproliant_dl380_gen10_plus_serverproliant_m750_server_bladeapollo_4510_gen10_systemproliant_xl170r_gen10_serverproliant_dx4200_gen10_serverproliant_xl225n_gen10_plus_1u_nodeproliant_dl580_gen10_serverstoreeasy_1660_expanded_storageproliant_xl220n_gen10_plus_serverproliant_dx385_gen10_plus_v2_serverproliant_ml30_gen10_serverintegrated_lights-out_5proliant_dl110_gen10_plus_telco_serverproliant_ml30_gen10_plus_serverproliant_dl385_gen10_plus_v2_serverproliant_dl325_gen10_serverproliant_xl450_gen10_serverapollo_2000_gen10_plus_systemproliant_dl20_gen10_serverstoreeasy_1560_storageproliant_xl270d_gen10_serverstoreeasy_1660_storageproliant_dl160_gen10_serveredgeline_e920t_server_bladeproliant_xl420_gen10_serverproliant_dx220n_gen10_plus_serverproliant_dx360_gen10_serverapollo_6500_gen10_plusproliant_dx360_gen10_plus_serverproliant_ml350_gen10_serverproliant_dl325_gen10_plus_v2_serverapollo_r2800_gen10proliant_e910t_server_bladeproliant_dl385_gen10_serverproliant_xl190r_gen10_serverproliant_bl460c_gen10_server_bladeproliant_dl325_gen10_plus_serverproliant_xl925g_gen10_plus_1u_4-node_configure-to-order_serverproliant_dl180_gen10_serverstoreeasy_1860_performance_storageproliant_dl385_gen10_plus_serverapollo_4500proliant_dl560_gen10_serverproliant_xl230k_gen10_serverproliant_dl20_gen10_plus_serverproliant_dx325_gen10_plus_v2_serverproliant_ml110_gen10_serverHPE Integrated Lights-Out 5 (iLO 5)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-50271
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.36%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 14:49
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP-UX System Management Homepage, Disclosure of Information

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-system_management_homepagehp-uxHPE System Management Homepage (SMH)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3956
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.08% / 23.40%
||
7 Day CHG~0.00%
Published-04 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Action-Not Available
Vendor-sendmailn/aFedora ProjectFreeBSD FoundationHP Inc.
Product-fedorafreebsdsendmailhpuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4826
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-77.23% / 98.99%
||
7 Day CHG~0.00%
Published-13 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

Action-Not Available
Vendor-n/aHP Inc.
Product-imc_service_operation_management_software_moduleintelligent_management_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4832
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.59%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4829
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-1.5||LOW
EPSS-0.06% / 17.16%
||
7 Day CHG~0.00%
Published-04 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-color_laserjet_cm4540flaserjet_enterprise_color_flow_m575ccolor_laserjet_m775zlaserjet_m4555laserjet_m725zlaserjet_m725dnlaserjet_m725z\+color_laserjet_m775z\+laserjet_m4555fcolor_laserjet_m775dncolor_laserjet_cm4540color_laserjet_m575dnlaserjet_m525flaserjet_m725flaserjet_m525dncolor_laserjet_m775flaserjet_flow_m525claserjet_m4555hscanjet_enterprise_8500fn1laserjet_m4555fskmcolor_laserjet_m575fcolor_laserjet_cm4540fskmn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-4514
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.86% / 75.05%
||
7 Day CHG~0.00%
Published-15 Apr, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-12784
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:35
Updated-13 Feb, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Action-Not Available
Vendor-HP IncHP Inc.
Product-7kw59a7kw64a_firmwarew1a63a7kw68a7kw75a_firmware7kw57a_firmwarew1a82aw1a77a7kw66aw1a30a_firmwarew1a35a_firmware7kw55a7kw66a_firmwarew1y47a_firmwarew1a76aw1a33a7kw67aw1a28a_firmware7kw49a_firmwarew1a32a_firmware7kw59a_firmwarew1a60a_firmwarew1a34aw1y47aw1a63a_firmwarew1y45a_firmwarew1a35aw1y40aw1y40a_firmwarew1a52aw1a38a7kw74aw1a80aw1y43aw1a31a7kw56a7kw57aw1a48a_firmware7kw73a_firmwarew1a57a_firmwarew1a81a_firmwarew1a79aw1a56aw1a38a_firmware7kw76a7kw58a_firmware7kw48a7kw72a_firmwarew1a58a_firmwarew1a47a7kw77a_firmware7kw72aw1a56a_firmware7kw48a_firmwarew1a66aw1a58aw1a79a_firmwarew1a51a_firmwarew1y43a_firmwarew1y44a7kw79aw1y41a_firmware7kw58aw1a77a_firmware7kw77a7kw63a_firmware7kw78a7kw65a7kw64a7kw54a_firmwarew1a53aw1y44a_firmwarew1y46a_firmwarew1a59aw1a75aw1a53a_firmwarew1a78aw1a30a7kw68a_firmware7kw51a_firmwarew1y46aw1a57a7kw65a_firmwarew1a51aw1a29aw1a47a_firmware7kw63a7kw79a_firmwarew1a48a7kw74a_firmware93m22a_firmwarew1a60aw1a46a_firmwarew1a31a_firmwarew1a46aw1a75a_firmwarew1a34a_firmwarew1y45a7kw51aw1a76a_firmware7kw76a_firmwarew1a32aw1y41aw1a82a_firmwarew1a52a_firmware93m22aw1a81aw1a33a_firmware7kw50aw1a59a_firmware7kw75a7kw56a_firmware7kw55a_firmwarew1a28aw1a80a_firmware7kw50a_firmwarew1a66a_firmwarew1a78a_firmware7kw54aw1a29a_firmware7kw49a7kw73a7kw78a_firmware7kw67a_firmwareHP LaserJet Pro MFP M428-M429 f seriesHP LaserJet Pro M304-M305 Printer seriesHP Color LaserJet Pro M453-M454 seriesHP Color LaserJet MFP M478-M479 seriesHP LaserJet Pro M404-M405 Printer seriesHP LaserJet Pro MFP M428-M429 series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-12785
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:38
Updated-13 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Action-Not Available
Vendor-HP IncHP Inc.
Product-7kw59a7kw64a_firmwarew1a63a7kw68a7kw75a_firmware7kw57a_firmwarew1a82aw1a77a7kw66aw1a30a_firmwarew1a35a_firmware7kw55a7kw66a_firmwarew1y47a_firmwarew1a76aw1a33a7kw67aw1a28a_firmware7kw49a_firmwarew1a32a_firmware7kw59a_firmwarew1a60a_firmwarew1a34aw1y47aw1a63a_firmwarew1y45a_firmwarew1a35aw1y40aw1y40a_firmwarew1a52aw1a38a7kw74aw1a80aw1y43aw1a31a7kw56a7kw57aw1a48a_firmware7kw73a_firmwarew1a57a_firmwarew1a81a_firmwarew1a79aw1a56aw1a38a_firmware7kw76a7kw58a_firmware7kw48a7kw72a_firmwarew1a58a_firmwarew1a47a7kw77a_firmware7kw72aw1a56a_firmware7kw48a_firmwarew1a66aw1a58aw1a79a_firmwarew1a51a_firmwarew1y43a_firmwarew1y44a7kw79aw1y41a_firmware7kw58aw1a77a_firmware7kw77a7kw63a_firmware7kw78a7kw65a7kw64a7kw54a_firmwarew1a53aw1y44a_firmwarew1y46a_firmwarew1a59aw1a75aw1a53a_firmwarew1a78aw1a30a7kw68a_firmware7kw51a_firmwarew1y46aw1a57a7kw65a_firmwarew1a51aw1a29aw1a47a_firmware7kw63a7kw79a_firmwarew1a48a7kw74a_firmware93m22a_firmwarew1a60aw1a46a_firmwarew1a31a_firmwarew1a46aw1a75a_firmwarew1a34a_firmwarew1y45a7kw51aw1a76a_firmware7kw76a_firmwarew1a32aw1y41aw1a82a_firmwarew1a52a_firmware93m22aw1a81aw1a33a_firmware7kw50aw1a59a_firmware7kw75a7kw56a_firmware7kw55a_firmwarew1a28aw1a80a_firmware7kw50a_firmwarew1a66a_firmwarew1a78a_firmware7kw54aw1a29a_firmware7kw49a7kw73a7kw78a_firmware7kw67a_firmwareHP LaserJet Pro MFP M428-M429 f seriesHP LaserJet Pro M304-M305 Printer seriesHP Color LaserJet Pro M453-M454 seriesHP Color LaserJet MFP M478-M479 seriesHP LaserJet Pro M404-M405 Printer seriesHP LaserJet Pro MFP M428-M429 series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8985
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.63%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-xp_storage_hitachi_global_link_managerXP Storage using HGLM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8950
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 69.46%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9000
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.29% / 79.76%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosArubaOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0524
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.65% / 70.84%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Action-Not Available
Vendor-windriverscon/aOracle CorporationApple Inc.HP Inc.Microsoft CorporationLinux Kernel Organization, IncIBM CorporationCisco Systems, Inc.Silicon Graphics, Inc.Novell
Product-mac_os_xbsdosirixnetwarewindowsos2solaristru64ioshp-uxaixmacoslinux_kernelsco_unixn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8978
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.6||MEDIUM
EPSS-0.24% / 47.35%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-icewall_ssoicewall_mfaicewall_mcrpIceWall Products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8970
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.76% / 73.41%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8980
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-2.35% / 84.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8951
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.83%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8360
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 41.89%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 06:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

Action-Not Available
Vendor-conexantn/aHP Inc.Microsoft Corporation
Product-windows_7elitebook_725_g3probook_446_g3zbook_15_g3probook_655_g2probook_470_g3elitebook_820_g3probook_645_g2windows_10probook_440_g3zbook_15u_g3elitebook_848_g3probook_640_g2zbook_17_g3mictray64elitebook_755_g3elitebook_828_g3elitebook_745_g3elitebook_folio_1040_g3elitebook_850_g3elite_x2_1012_g1zbook_studio_g3elitebook_840_g3elitebook_1030_g1probook_430_g3probook_455_g3probook_450_g3probook_650_g2elitebook_folio_g1n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5801
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-5.27% / 90.04%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-business_process_monitorBusiness Process Monitor
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5795
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 68.31%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 22:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (IMC) PLAT
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5797
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-2.05% / 83.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (IMC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5811
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-14.17% / 94.40%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-network_automationNetwork Automation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5803
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-7.24% / 91.66%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-nonstop_server_softwarenonstop_serverNonStop Servers using SSH Service
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3248
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.69% / 71.82%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-fortify_software_security_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2744
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 37.06%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3249
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.24% / 46.69%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-fortify_software_security_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17556
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 31.95%
||
7 Day CHG~0.00%
Published-15 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

Action-Not Available
Vendor-n/aHP Inc.
Product-synaptics_touchpad_drivern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-1994
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.65% / 70.87%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 15:31
Updated-06 Aug, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information

Action-Not Available
Vendor-HPHP Inc.
Product-systems_insight_managerHP Systems Insight Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13991
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.3||MEDIUM
EPSS-0.55% / 68.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_enterprise_security_managerarcsight_enterprise_security_manager_expressn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13990
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.3||MEDIUM
EPSS-0.55% / 68.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_enterprise_security_managerarcsight_enterprise_security_manager_expressn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-12555
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 68.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) Service Operation Management (SOM)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2025
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.89%
||
7 Day CHG~0.00%
Published-30 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0130
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.18% / 78.83%
||
7 Day CHG~0.00%
Published-04 Apr, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-onboard_administratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8525
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-6.51% / 91.15%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centeriMC PLAT
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8963
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.89%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4785
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-1.72% / 82.50%
||
7 Day CHG~0.00%
Published-10 Jan, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_2430hp-chaisoelaserjet_4650laserjet_p3015n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8977
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.00%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8981
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.55%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8966
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 40.68%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8531
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.55% / 67.90%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote information disclosure vulnerability in HPE Matrix Operating Environment version 7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-7196
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.20%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:05
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Action-Not Available
Vendor-n/aHP Inc.
Product-ezmeral_container_platformbluedata_epicBlueData EPIC Software; HPE Ezmeral Container Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-7130
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-4.25% / 88.84%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 20:21
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneview_global_dashboardHPE OneView Global Dashboard
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3163
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-1.2||LOW
EPSS-0.19% / 40.27%
||
7 Day CHG~0.00%
Published-23 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-multifunction_peripheral_digital_sending_softwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4367
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 81.48%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_cmbd_foundationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4378
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 74.00%
||
7 Day CHG~0.00%
Published-26 Aug, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-xp7_command_viewxp_9000_command_viewn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found