Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-4375

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Sep, 2016 | 16:00
Updated At-06 Aug, 2024 | 00:25
Rejected At-
Credits

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Sep, 2016 | 16:00
Updated At:06 Aug, 2024 | 00:25
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036629
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/92484
vdb-entry
x_refsource_BID
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1036629
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/92484
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036629
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/92484
vdb-entry
x_refsource_BID
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036629
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/92484
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Sep, 2016 | 16:59
Updated At:12 Apr, 2025 | 10:46

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
HP Inc.
hp
>>integrated_lights-out_3_firmware>>1.87
cpe:2.3:o:hp:integrated_lights-out_3_firmware:1.87:*:*:*:*:*:*:*
HP Inc.
hp
>>integrated_lights-out_4_firmware>>2.43
cpe:2.3:o:hp:integrated_lights-out_4_firmware:2.43:*:*:*:*:*:*:*
HP Inc.
hp
>>integrated_lights-out_4_mrca_firmware>>2.31
cpe:2.3:o:hp:integrated_lights-out_4_mrca_firmware:2.31:*:*:*:*:*:*:*
HP Inc.
hp
>>integrated_lights-out_3>>-
cpe:2.3:h:hp:integrated_lights-out_3:-:*:*:*:*:*:*:*
HP Inc.
hp
>>integrated_lights-out_4>>-
cpe:2.3:h:hp:integrated_lights-out_4:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/92484cve@mitre.org
N/A
http://www.securitytracker.com/id/1036629cve@mitre.org
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/92484af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1036629af854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/92484
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036629
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/92484
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036629
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

269Records found
CVE-2010-3004
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-6.21% / 90.50%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-operations_agentwindowsn/a
CVE-2010-1964
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-82.13% / 99.17%
||
7 Day CHG~0.00%
Published-17 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CVE-2015-6863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-2.45% / 84.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_loggern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6867
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.68% / 90.04%
||
7 Day CHG~0.00%
Published-04 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.

Action-Not Available
Vendor-n/aHP Inc.
Product-vertican/a
CWE ID-CWE-284
Improper Access Control
CVE-2000-0443
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.35% / 88.50%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Action-Not Available
Vendor-n/aHP Inc.
Product-jetadminn/a
CVE-2015-5417
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5404
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.20%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentsystems_insight_managern/a
CVE-2015-5427
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.31%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentn/a
CVE-2015-5424
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.70%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2015-5429
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.31%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentn/a
CVE-2015-5416
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.16%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.

Action-Not Available
Vendor-n/aHP Inc.
Product-keyviewn/a
CVE-2010-1965
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-14 Jul, 2010 | 18:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-insight_orchestrationwindowsn/a
CVE-2009-2298
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 85.49%
||
7 Day CHG~0.00%
Published-02 Jul, 2009 | 10:00
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.53 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a CGI request to webappmon.exe. NOTE: this may overlap CVE-2009-1420.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-11945
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-62.70% / 98.31%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:58
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-7209
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-93.39% / 99.81%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 23:24
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.

Action-Not Available
Vendor-n/aHP Inc.
Product-linuxkiLinuxKI
CVE-2015-2109
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.38%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationn/a
CVE-2020-7203
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 77.53%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 22:17
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-ilo_amplifier_packiLO Amplifier Pack
CVE-2015-3145
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-65.09% / 98.41%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectApple Inc.HP Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.CURL
Product-solarislibcurlsystem_management_homepagefedoraopensuseubuntu_linuxcurldebian_linuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2117
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-10.15% / 92.82%
||
7 Day CHG~0.00%
Published-26 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class.

Action-Not Available
Vendor-n/aHP Inc.
Product-tippingpoint_security_management_systemtippingpoint_virtual_security_management_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0920
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-58.77% / 98.14%
||
7 Day CHG~0.00%
Published-25 Mar, 2009 | 01:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0716
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.16% / 77.76%
||
7 Day CHG~0.00%
Published-21 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-storageworks_storage_mirroringn/a
CVE-2016-2012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.80%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_manager_in/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-12463
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.3||HIGH
EPSS-19.33% / 95.15%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-fortify_software_security_centerFortify Software Security Center
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2014-2635
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.

Action-Not Available
Vendor-n/aHP Inc.
Product-sprintern/a
CVE-2014-2649
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-3.62% / 87.35%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Linux Kernel Organization, Inc
Product-operations_managerkerneln/a
CVE-2022-28623
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 68.74%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 12:39
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)HP Inc.Red Hat, Inc.
Product-enterprise_linuxicewall_sso_certdhp-uxHPE IceWall SSO
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28617
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.57%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:59
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CVE-2014-2615
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-7.58% / 91.47%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CVE-2022-28616
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 20:04
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2014-2636
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.

Action-Not Available
Vendor-n/aHP Inc.
Product-sprintern/a
CVE-2020-7206
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 76.58%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 21:16
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.

Action-Not Available
Vendor-n/aHP Inc.
Product-nagios-plugins-hpilonagios-plugins-ilo
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-7133
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 81.16%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 18:36
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

Action-Not Available
Vendor-n/aHP Inc.
Product-hpe_iot_\+_gcpHPE IOT + GCP
CVE-2020-7200
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-83.78% / 99.25%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 22:14
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managerHPE Systems Insight Manager (SIM)
CVE-2017-8994
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.37% / 79.45%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-operations_orchestrationHPE Operations Orchestration
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8990
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-35.78% / 96.96%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-imc_wireless_service_managerHPE Intelligent Management Center (IMC) Wirelss Service Manager
CVE-2017-8979
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-3.08% / 86.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-integrated_lights-out_2_firmwareintegrated_lights-outIntegrated Lights-Out 2 (iLO 2)
CVE-2017-8957
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8975
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_manager_applianceMoonshot Provisioning Manager Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7197
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.52% / 80.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:09
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.

Action-Not Available
Vendor-n/aHP Inc.
Product-storeserv_management_consoleHPE 3PAR StoreServ Management and Core Software Media
CWE ID-CWE-287
Improper Authentication
CVE-2014-2614
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.50%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.

Action-Not Available
Vendor-n/aHP Inc.
Product-sitescopen/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-7658
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-9.8||CRITICAL
EPSS-9.39% / 92.47%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 17:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBLOracle CorporationDebian GNU/LinuxHP Inc.
Product-rest_data_serviceshci_storage_nodexp_p9000storage_services_connectorsolidfiresnapcenterretail_xstore_paymentdebian_linuxxp_p9000_command_viewsnapmanagerhci_management_nodee-series_santricity_os_controlleroncommand_system_managerretail_xstore_point_of_servicee-series_santricity_managementsnap_creator_frameworkoncommand_unified_manager_for_7-modesantricity_cloud_connectore-series_santricity_web_servicesjettyEclipse Jetty
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2017-5815
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-61.26% / 98.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5804
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-55.25% / 97.97%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-5790
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-42.75% / 97.38%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (IMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-5817
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-83.65% / 99.24%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5816
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-90.38% / 99.58%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4834
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-5.52% / 89.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327.

Action-Not Available
Vendor-n/aHP Inc.
Product-application_lifecycle_managementn/a
CVE-2017-5820
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-53.98% / 97.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CVE-2017-5641
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-37.36% / 97.06%
||
7 Day CHG~0.00%
Published-28 Dec, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.

Action-Not Available
Vendor-The Apache Software FoundationHP Inc.
Product-flex_blazedsxp_command_view_advanced_editionApache Flex Blaze DS
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-5814
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-37.13% / 97.04%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-network_automationNetwork Automation
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found