ByteOS Network

Vulnerability Details :

CVE-2015-0839

Assigner-debian

Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5

Published At-02 Aug, 2017 | 19:00

Updated At-06 Aug, 2024 | 04:26

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:debian

Assigner Org ID:79363d38-fa19-49d1-9214-5f28da3f3ac5

Published At:02 Aug, 2017 | 19:00

Updated At:06 Aug, 2024 | 04:26

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://bugs.launchpad.net/hplip/+bug/1432516	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1227252	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html	vendor-advisory x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2015/05/29/2	mailing-list x_refsource_MLIST
http://www.ubuntu.com/usn/USN-2699-1	vendor-advisory x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html	vendor-advisory x_refsource_FEDORA
http://www.securityfocus.com/bid/74913	vdb-entry x_refsource_BID

Hyperlink: https://bugs.launchpad.net/hplip/+bug/1432516

Resource:

x_refsource_CONFIRM

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1227252

Resource:

x_refsource_CONFIRM

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/29/2

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.ubuntu.com/usn/USN-2699-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.securityfocus.com/bid/74913

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://bugs.launchpad.net/hplip/+bug/1432516	x_refsource_CONFIRM x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1227252	x_refsource_CONFIRM x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.openwall.com/lists/oss-security/2015/05/29/2	mailing-list x_refsource_MLIST x_transferred
http://www.ubuntu.com/usn/USN-2699-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.securityfocus.com/bid/74913	vdb-entry x_refsource_BID x_transferred

Hyperlink: https://bugs.launchpad.net/hplip/+bug/1432516

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1227252

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/29/2

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2699-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/74913

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@debian.org

Published At:02 Aug, 2017 | 19:29

Updated At:20 Apr, 2025 | 01:37

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

HP Inc.

>>linux_imaging_and_printing>>Versions up to 3.17.7(inclusive)

cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-320	Primary	nvd@nist.gov

CWE ID: CWE-320

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html	security@debian.org	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html	security@debian.org	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/05/29/2	security@debian.org	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/74913	security@debian.org	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2699-1	security@debian.org	Third Party Advisory
https://bugs.launchpad.net/hplip/+bug/1432516	security@debian.org	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1227252	security@debian.org	Issue Tracking Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/05/29/2	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/74913	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2699-1	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://bugs.launchpad.net/hplip/+bug/1432516	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1227252	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html

Source: security@debian.org

Resource:

Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html

Source: security@debian.org

Resource:

Third Party Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/29/2

Source: security@debian.org

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://www.securityfocus.com/bid/74913

Source: security@debian.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.ubuntu.com/usn/USN-2699-1

Source: security@debian.org

Resource:

Third Party Advisory

Hyperlink: https://bugs.launchpad.net/hplip/+bug/1432516

Source: security@debian.org

Resource:

Third Party Advisory

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1227252

Source: security@debian.org

Resource:

Issue Tracking

Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2015/05/29/2

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://www.securityfocus.com/bid/74913

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.ubuntu.com/usn/USN-2699-1

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://bugs.launchpad.net/hplip/+bug/1432516

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1227252

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Issue Tracking

Third Party Advisory

Similar CVEs

67Records found

CVE-2018-3183

Matching Score-8

Assigner-Oracle

View Details

Matching Score-8

Assigner-Oracle

CVSS Score-9||CRITICAL

EPSS-0.29% / 51.91%

7 Day CHG~0.00%

Published-17 Oct, 2018 | 01:00

Updated-02 Oct, 2024 | 19:38

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVE-2016-4389

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-8.1||HIGH

EPSS-2.02% / 83.04%

7 Day CHG~0.00%

Published-05 Oct, 2016 | 10:00

Updated-12 Apr, 2025 | 10:46

The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.

Vendor-n/a HP Inc.

Product-keyview n/a

CVE-2011-0277

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.17% / 38.34%

7 Day CHG~0.00%

Published-09 Feb, 2011 | 00:00

Updated-11 Apr, 2025 | 00:51

Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

Vendor-n/a HP Inc.

Product-power_manager n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2017-5813

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6.3||MEDIUM

EPSS-0.49% / 64.72%

7 Day CHG~0.00%

Published-15 Feb, 2018 | 22:00

Updated-16 Sep, 2024 | 19:35

A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

Vendor-HP Inc.Hewlett Packard Enterprise (HPE)

Product-network_automation Network Automation

CVE-2010-3989

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.13% / 33.25%

7 Day CHG~0.00%

Published-28 Oct, 2010 | 19:00

Updated-11 Apr, 2025 | 00:51

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vendor-n/a HP Inc.

Product-insight_control_virtual_machine_management n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2010-1968

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.15% / 35.68%

7 Day CHG~0.00%

Published-14 Jul, 2010 | 18:31

Updated-11 Apr, 2025 | 00:51

Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971.

Vendor-n/a HP Inc.Microsoft Corporation

Product-windows insight_software_installer n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2018-5921

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-8.8||HIGH

EPSS-0.22% / 44.28%

7 Day CHG~0.00%

Published-03 Oct, 2018 | 20:00

Updated-17 Sep, 2024 | 02:12

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

Vendor-HP Inc.

Product-j8a13a_firmware cf068a l2683a f2a79a_firmware z8z13a_firmware j8a12a j8j78a_firmware j8a10a j7z98a f2a77a j7x28a j8a11a_firmware l3u45a b5l26a_firmware j8j76a j8a06a l1h45a l3u50a j8j74a p7z47a l3u62a_firmware h0dc9a l3u57a_firmware f2a81a_firmware x3a71a f2a71a_firmware d7p68a_firmware z8z23a_firmware l3u41a_firmware cz248a_firmware l3u63a cz249a_firmware x3a80a_firmware l3u48a x3a81a cf067a_firmware l8z07a_firmware g1w47v j8j80a_firmware g1w41a p7z48a x3a65a f2a80a_firmware l3u69a_firmware l3u43a_firmware cd645a_firmware b3g84a g1w39a j8j73a_firmware c2s12v z8z01a_firmware g1w39a_firmware l3u67a l3u70a b3g85a_firmware g1w40v z8z16a_firmware cc523a_firmware z8z22a_firmware c2s11v_firmware cz249a j7z98a_firmware x3a62a_firmware cf066a_firmware z8z11a_firmware j8j74a_firmware f2a71a m0p36a a2w75a_firmware g1w46v l3u49a cf117a_firmware j8a17a l3u42a_firmware cf116a j8j79a z8z08a_firmware m0p40a z8z21a l3u51a a2w79a_firmware a2w76a_firmware c2s11v j8j66a cz250a_firmware h0dc9a_firmware j8j71a_firmware j8a10a_firmware z8z08a j8j63a b5l46a_firmware x3a80a p7z48a_firmware b5l47a_firmware b5l49a a2w77a z8z11a d7p73a x3a63a_firmware l1h45a_firmware x3a66a k0q21a z8z04a c2s12v_firmware m0p39a_firmware z8z12a_firmware x3a60a_firmware k0q22a g1w40a b3g85a a2w75a z8z04a_firmware cd644a_firmware cz244a_firmware c2s12a l3u42a z8z19a l3u55a_firmware z8z05a_firmware cz245a f2a70a_firmware k0q17a z8z21a_firmware b5l39a_firmware g1w47a_firmware j7z06a_firmware cz248a l3u59a_firmware x3a93a_firmware x3a89a l3u48a_firmware z8z17a_firmware x3a79a_firmware g1w40a_firmware ca251a_firmware b5l39a j7x28a_firmware k0q18a_firmware d7p71a_firmware k0q14a_firmware x3a84a_firmware l3u46a_firmware cf069a a2w78a_firmware x3a81a_firmware k0q19a g1w41v x3a63a j8j71a x3a60a j8a16a_firmware l3u43a z8z18a j8a04a_firmware k0q21a_firmware l3u52a_firmware x3a83a_firmware cd645a cf367a_firmware l3u45a_firmware cf068a_firmware j8j80a d7p73a_firmware cc522a_firmware cc524a_firmware z8z02a a2w78a x3a75a_firmware b5l54a_firmware l3u62a b5l48a_firmware cc523a a2w79a z8z09a f2a78v j8j66a_firmware l8z07a x3a79a a2w76a j8a06a_firmware z8z02a_firmware x3a74a_firmware l2683a_firmware l3u49a_firmware x3a87a_firmware x3a77a f2a67a_firmware x3a62a g1w41v_firmware x3a65a_firmware j8a16a z8z14a l3u60a x3a86a z8z18a_firmware j8j72a_firmware cz245a_firmware cc524a z8z23a l3u41a z8z16a l3u56a_firmware j7z04a_firmware x3a59a cc522a j8j65a_firmware g1w47v_firmware c2s11a m0p40a_firmware e6b71a_firmware x3a84a z8z17a j8a13a e6b73a_firmware cf069a_firmware m0p33a m0p35a p7z47a_firmware cz250a d7p68a d7p70a z8z13a l3u44a_firmware z8z19a_firmware l3u47a c2s12a_firmware l3u70a_firmware x3a77a_firmware l3u47a_firmware m0p32a j8j64a j7z04a cf118a cd646a_firmware l3u46a j8j70a l3u69a x3a69a_firmware l2762a_firmware j7z99a l3u57a x3a72a_firmware ca251a m0p32a_firmware g1w46v_firmware b5l07a k0q20a_firmware x3a66a_firmware b5l07a_firmware f2a79a x3a92a j8a17a_firmware b5l05a cz244a j8a12a_firmware cf067a z8z07a_firmware z8z09a_firmware x3a86a_firmware d7p70a_firmware b5l06a k0q15a_firmware z8z15a_firmware k0q18a b5l50a g1w39v_firmware l3u61a z8z07a b5l04a k0q17a_firmware g1w39v z8z05a f2a76a x3a92a_firmware b3g84a_firmware l3u67a_firmware m0p35a_firmware z8z06a_firmware l3u59a j8j72a cf117a cf118a_firmware l3u64a z8z03a z8z03a_firmware l3u51a_firmware l3u44a cf066a j8a05a_firmware l3u55a b5l04a_firmware k0q15a l3u66a_firmware k0q19a_firmware a2w77a_firmware j7z99a_firmware j8j67a x3a83a z8z01a b5l06a_firmware z8z10a_firmware f2a67a j8a05a x3a75a e6b73a l3u61a_firmware j8j64a_firmware b5l47a j8j76a_firmware b5l48a f2a81a z8z15a x3a78a b5l50a_firmware b5l49a_firmware j8j67a_firmware l3u56a j8j63a_firmware z8z06a b5l54a l3u40a_firmware l3u65a l3u64a_firmware cd644a m0p33a_firmware b5l46a z8z00a x3a90a m0p36a_firmware x3a71a_firmware g1w46a_firmware l2762a j8j70a_firmware c2s11a_firmware e6b71a j8a11a f2a76a_firmware z8z22a b5l05a_firmware x3a90a_firmware f2a77a_firmware x3a89a_firmware z8z20a l3u52a cd646a z8z10a l3u65a_firmware j7z06a j8j65a l3u50a_firmware x3a72a x3a78a_firmware g1w40v_firmware l3u66a cf116a_firmware b3g86a b3g86a_firmware x3a59a_firmware m0p39a x3a87a g1w41a_firmware l3u63a_firmware j8a04a z8z00a_firmware x3a74a j8j78a z8z14a_firmware k0q20a l3u40a k0q22a_firmware z8z20a_firmware x3a68a k0q14a d7p71a x3a68a_firmware g1w47a j8j79a_firmware z8z12a g1w46a b5l26a x3a69a f2a78v_firmware j8j73a f2a70a f2a80a x3a93a cf367a Certain HP Enterprise Printers, HP PageWide Printers, and MFP Products

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2018-7097

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-0.90% / 74.69%

7 Day CHG~0.00%

Published-14 Aug, 2018 | 14:00

Updated-05 Aug, 2024 | 06:17

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.

Vendor-HP Inc.Hewlett Packard Enterprise (HPE)

Product-3par_service_provider HPE 3PAR Service Processors

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2018-3180

Matching Score-8

Assigner-Oracle

View Details

Matching Score-8

Assigner-Oracle

CVSS Score-5.6||MEDIUM

EPSS-0.06% / 17.25%

7 Day CHG~0.00%

Published-17 Oct, 2018 | 01:00

Updated-02 Oct, 2024 | 19:39

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

CVE-2015-5445

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-8.8||HIGH

EPSS-0.09% / 26.96%

7 Day CHG~0.00%

Published-05 Jan, 2016 | 11:00

Updated-12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Vendor-n/a HP Inc.

Product-storeonce_backup_system_software n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2015-5451

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.11% / 30.64%

7 Day CHG~0.00%

Published-23 Nov, 2015 | 02:00

Updated-12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vendor-n/a HP Inc.

Product-operations_orchestration n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2014-7874

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.16% / 37.52%

7 Day CHG~0.00%

Published-19 Oct, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage hp-ux n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2012-5216

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.13% / 33.52%

7 Day CHG~0.00%

Published-28 Mar, 2013 | 23:00

Updated-11 Apr, 2025 | 00:51

Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vendor-n/a HP Inc.

Product-procurve_switch_1700-24 procurve_switch_1700-8 procurve_switch_software n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2013-6192

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.12% / 31.53%

7 Day CHG~0.00%

Published-17 Dec, 2013 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vendor-n/a HP Inc.

Product-operations_orchestration n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2020-6919

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.52% / 65.85%

7 Day CHG~0.00%

Published-16 Feb, 2022 | 16:37

Updated-04 Aug, 2024 | 09:18

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Vendor-n/a HP Inc.

Product-support_assistant HP Support Assistant

CVE-2020-6921

Matching Score-8

Assigner-HP Inc.

View Details

Matching Score-8

Assigner-HP Inc.

CVSS Score-7.8||HIGH

EPSS-0.64% / 69.63%

7 Day CHG~0.00%

Published-16 Feb, 2022 | 16:38

Updated-04 Aug, 2024 | 09:18

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

Vendor-n/a HP Inc.

Product-support_assistant HP Support Assistant

CVE-2020-7201

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-0.18% / 40.52%

7 Day CHG~0.00%

Published-18 Dec, 2020 | 22:20

Updated-04 Aug, 2024 | 09:25

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF).

Vendor-n/a HP Inc.

Product-storeever_msl2024_firmware storeever_msl2024 storeever_1\/8_g2_tape_autoloader storeever_1\/8_g2_tape_autoloader_firmware HPE StoreEver MSL Tape Libraries; HPE StoreEver 1/8 G2 Tape Autoloaders

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2015-0839

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs