Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-5788

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-15 Feb, 2018 | 22:00
Updated At-16 Sep, 2024 | 17:27
Rejected At-
Credits

A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:15 Feb, 2018 | 22:00
Updated At:16 Sep, 2024 | 17:27
Rejected At:
▼CVE Numbering Authority (CNA)

A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)Hewlett Packard Enterprise
Product
NonStop Software Essentials
Versions
Affected
  • T0894 T0894H02 through T0894H02^AAI
Problem Types
TypeCWE IDDescription
textN/ALocal Disclosure of Sensitive Information
Type: text
CWE ID: N/A
Description: Local Disclosure of Sensitive Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1038026
vdb-entry
x_refsource_SECTRACK
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1038026
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1038026
vdb-entry
x_refsource_SECTRACK
x_transferred
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038026
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:15 Feb, 2018 | 22:29
Updated At:15 Mar, 2018 | 16:29

A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.04.9MEDIUM
AV:L/AC:L/Au:N/C:C/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.9
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CPE Matches
HP Inc.
hp
>>nonstop_server_software>>Versions from t0894h02(inclusive) to t0894h02\^aai(inclusive)
cpe:2.3:a:hp:nonstop_server_software:*:*:*:*:*:*:*:*
HP Inc.
hp
>>nonstop_server>>-
cpe:2.3:h:hp:nonstop_server:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securitytracker.com/id/1038026security-alert@hpe.com
Third Party Advisory
VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_ussecurity-alert@hpe.com
Vendor Advisory
Hyperlink: http://www.securitytracker.com/id/1038026
Source: security-alert@hpe.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

397Records found
CVE-2017-8950
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 68.41%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8360
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 06:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

Action-Not Available
Vendor-conexantn/aHP Inc.Microsoft Corporation
Product-windows_7elitebook_725_g3probook_446_g3zbook_15_g3probook_655_g2probook_470_g3elitebook_820_g3probook_645_g2windows_10probook_440_g3zbook_15u_g3elitebook_848_g3probook_640_g2zbook_17_g3mictray64elitebook_755_g3elitebook_828_g3elitebook_745_g3elitebook_folio_1040_g3elitebook_850_g3elite_x2_1012_g1zbook_studio_g3elitebook_840_g3elitebook_1030_g1probook_430_g3probook_455_g3probook_450_g3probook_650_g2elitebook_folio_g1n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2744
Matching Score-10
Assigner-HP Inc.
ShareView Details
Matching Score-10
Assigner-HP Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.03%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8963
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8981
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2023
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.36%
||
7 Day CHG~0.00%
Published-30 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-restful_interface_tooln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5440
Matching Score-10
Assigner-HP Inc.
ShareView Details
Matching Score-10
Assigner-HP Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.77% / 72.48%
||
7 Day CHG~0.00%
Published-16 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5809
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 70.13%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-data_protectorData Protector
CWE ID-CWE-275
Not Available
CVE-2012-2016
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 35.52%
||
7 Day CHG~0.00%
Published-29 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Linux Kernel Organization, Inc
Product-linux_kernelsystem_management_homepagewindowsn/a
CVE-2018-7112
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 39.09%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-proliant_m710p_server_cartridgeproliant_ml350p_gen8_server_firmwareproliant_ml330_g6_serverproliant_ml150_g6_serverproliant_ml350e_gen8_serverproliant_xl270d_gen9_accelerator_trayproliant_dl160_g6_serverproliant_sl390s_g7_serverproliant_bl660c_gen9_server_firmwareproliant_dl380_g7_serverproliant_ml350p_gen8_serverproliant_bl2x220c_g6_server_bladeproliant_bl660c_gen8_serverproliant_ml150_gen9_server_firmwareproliant_dl385_g7_server_firmwareproliant_dl320_g6_server_firmwareproliant_bl420c_gen8_server_firmwareproliant_bl460c_g7_server_blade_firmwareproliant_xl260a_gen9_server_firmwareproliant_dl360p_gen8_serverintegrated_lights-out_4_firmwareproliant_dl80_gen9_serverproliant_m710x_server_cartridgeproliant_ml310e_gen8_v2_serverproliant_dl385p_gen8_\(amd\)integrated_lights-outproliant_m510_server_cartridge_firmwareproliant_dl380p_gen8_serverproliant_m350_server_cartridge_firmwareproliant_ml10_v2_server_firmwareproliant_dl580_gen8_server_firmwareproliant_ml310e_gen8_server_firmwareproliant_xl250a_gen9_serverproliant_ml10_gen9_server_firmwareproliant_bl460c_gen9_server_bladeproliant_dl160_gen9_server_firmwareproliant_bl2x220c_g6_server_blade_firmwareproliant_dl360_g7_serverproliant_dl120_gen9_server_firmwareproliant_microserver_gen8_firmwareproliant_m300_server_cartridgeproliant_dl360_g6_server_firmwareproliant_bl660c_gen9_serverproliant_ml310e_gen8_v2_server_firmwareproliant_ml350_gen9_server_firmwareproliant_xl750f_gen9_server_firmwareproliant_m710x_server_cartridge_firmwareproliant_ml110_g6_server_firmwareproliant_thin_micro_tm200_server_firmwareproliant_dl360e_gen8_server_firmwareproliant_ml310e_gen8_serverproliant_dl60_gen9_serverproliant_ml350_g6_serverproliant_dl580_gen8_serverproliant_dl980_g7_server_firmwareproliant_bl460c_gen8_server_blade_firmwareproliant_bl490c_g6_server_bladeproliant_bl680c_g7_server_bladeproliant_xl230a_gen9_serverproliant_bl465c_g7_server_bladeproliant_dl560_gen9_server_firmwareproliant_dl120_g7_serverproliant_ws460c_gen9_workstationproliant_bl460c_g7_server_bladeproliant_ml110_g7_serverproliant_dl120_g6_serverproliant_bl280c_g6_serverproliant_bl460c_g6_server_blade_firmwareproliant_dl320e_gen8_serverproliant_sl250s_gen8_serverproliant_sl4540_gen8_1_node_server_firmwareproliant_sl170z_g6_serverproliant_ml330_g6_server_firmwareproliant_sl4545_g7_server_\(amd\)_firmwareproliant_ml150_g6_server_firmwareproliant_xl170r_gen9_serverproliant_ml370_g6_server_firmwareproliant_microserver_gen8proliant_bl620c_g7_server_bladeproliant_sl210t_gen8_server_firmwareproliant_xl270d_gen9_accelerator_tray_firmwareproliant_dl170h_g6_serverproliant_xl730f_gen9_serverproliant_ml350_gen9_serverproliant_dl380e_gen8_server_firmwareproliant_dl360_g7_server_firmwareproliant_ml350e_gen8_server_firmwareproliant_bl620c_g7_server_blade_firmwareproliant_dl320e_gen8_v2_server_firmwareproliant_dl380_gen9_serverproliant_ml350_g6_server_firmwareproliant_xl450_gen9_serverproliant_ml110_gen9_server_firmwareproliant_bl420c_gen8_serverproliant_bl465c_gen8_\(amd\)_firmwareproliant_dl170e_g6_serverproliant_sl390s_g7_server_firmwareproliant_dl380_gen9_server_firmwareintegrated_lights-out_3_firmwareproliant_dl380_g6_server_firmwareproliant_dl385_g7_serverproliant_bl460c_gen8_server_bladeproliant_bl460c_gen9_server_blade_firmwareproliant_m350_server_cartridgeproliant_xl270d_gen9_server_firmwareproliant_ml10_gen9_serverproliant_dl180_gen9_serverproliant_sl250s_gen8_server_firmwareproliant_dl585_g7_server_\(amd\)proliant_xl230a_gen9_server_firmwareproliant_dl380p_gen8_server_firmwareproliant_gen7_serverproliant_xl190r_gen9_serverproliant_xl450_gen9_server_firmwareproliant_dl560_gen9_serverproliant_dl360_gen9_server_firmwareproliant_xl740f_gen9_serverproliant_dl560_gen8_server_firmwareproliant_ml10_v2_serverproliant_bl280c_g6_server_bladefirmwareproliant_dl360_gen9_serverproliant_bl460c_g6_server_bladeproliant_xl740f_gen9_server_firmwareproliant_sl270s_gen8_serverproliant_dl580_g7_serverproliant_bl490c_g7_server_blade_firmwareproliant_ml30_gen9_serverproliant_dl360_g6_serverintegrated_lights-out_2_firmwareproliant_xl270d_gen9_serverproliant_sl4545_g7_server_\(amd\)proliant_dl180_g6_server_firmwareproliant_dl560_gen8_serverproliant_bl2x220c_g7_server_bladeproliant_dl180_g6_serverproliant_xl730f_gen9_server_firmwareproliant_xl250a_gen9_server_firmwareproliant_dl160_gen8_server_firmwareproliant_dl170e_g6_server_firmwareproliant_m510_server_cartridgeproliant_ml150_gen9_serverproliant_ml110_g7_server_firmwareproliant_xl190r_gen9_server_firmwareproliant_dl80_gen9_server_firmwareproliant_dl370_g6_server_firmwareproliant_dl585_g7_server_\(amd\)_firmwareproliant_ml30_gen9_server_firmwareproliant_dl170h_g6_server_firmwareproliant_dl320e_gen8_v2_serverproliant_bl685c_g7_server_blade_\(amd\)proliant_bl490c_g6_server_blade_firmwareproliant_sl270s_gen8_server_firmwareproliant_dl320e_gen8_server_firmwareproliant_dl160_gen9_serverproliant_bl660c_gen8_server_blade_firmwareproliant_dl20_gen9_serverproliant_dl370_g6_serverproliant_dl160_g6_server_firmwareproliant_bl465c_gen8_\(amd\)proliant_gen8_serverproliant_ml350e_gen8_v2_server_firmwareproliant_dl120_g7_server_firmwareproliant_ws460c_gen9_workstation_firmwareproliant_dl120_gen9_serverproliant_dl360e_gen8_serverproliant_dl120_g6_server_firmwareintegrated_lights-out_2proliant_m300_server_cartridge_firmwareproliant_dl380_g6_serverproliant_ml370_g6_serverproliant_sl2x170z_g6_serverproliant_xl750f_gen9_serverproliant_dl160_gen8_serverproliant_dl385p_gen8_\(amd\)_firmwareproliant_sl160s_g6_serverproliant_thin_micro_tm200_serverproliant_bl490c_g7_server_bladeproliant_m710p_server_cartridge_firmwareproliant_dl380e_gen8_serverproliant_dl320_g6_serverproliant_gen6_serverproliant_bl680c_g7_server_blade_firmwareproliant_bl2x220c_g7_server_blade_firmwareproliant_sl2x170z_g6_server_firmwareproliant_dl20_gen9_server_firmwareproliant_ml110_gen9_serverproliant_dl360p_gen8_server_firmwareproliant_dl580_g7_server_firmwareproliant_xl170r_gen9_server_firmwareproliant_sl160s_g6_server_firmwareproliant_xl260a_gen9_serverproliant_m710_server_cartridge_firmwareproliant_ml350e_gen8_v2_serverproliant_bl685c_g7_server_blade_\(amd\)_firmwareproliant_dl60_gen9_server_firmwareproliant_sl170z_g6_server_firmwareproliant_bl465c_g7_server_blade_firmwareproliant_m710_server_cartridgeproliant_dl180_gen9_server_firmwareproliant_dl980_g7_serverproliant_dl380_g7_server_firmwareproliant_ml110_g6_serverproliant_sl210t_gen8_serverproliant_sl4540_gen8_1_node_serverWindows firmware installer for Gen9, Gen8, G7,and G6 HPE servers
CVE-2018-7100
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 62.24%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-officeconnect_1810-8_v2_switchofficeconnect_1810-24g_switchofficeconnect_1810-48g_switch_firmwareofficeconnect_1810-8_v2_switch_firmwareofficeconnect_1810-48g_switchofficeconnect_1810-24g_switch_firmwareHP 1810-24G, HP 1810-48G, HP 1810-8 v2 Switches
CVE-2018-7094
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 27.23%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-3par_service_providerHPE 3PAR Service Processors
CVE-2016-2016
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.63%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxbase-vxfs-50base-vxfs-51base-vxfs-501n/a
CWE ID-CWE-284
Improper Access Control
CVE-2018-7099
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 62.24%
||
7 Day CHG~0.00%
Published-14 Aug, 2018 | 14:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_providerHPE 3PAR Service Processors
CVE-2008-3946
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 20.54%
||
7 Day CHG~0.00%
Published-05 Sep, 2008 | 16:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvmsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2016-8967
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CVE-2017-8949
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 48.63%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CVE-2017-8952
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-2.60% / 85.02%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8978
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.6||MEDIUM
EPSS-0.24% / 47.36%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Products version MFA 4.0 proxy was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-icewall_ssoicewall_mfaicewall_mcrpIceWall Products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8951
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.11%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8985
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-xp_storage_hitachi_global_link_managerXP Storage using HGLM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8980
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-2.19% / 83.72%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8970
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.76% / 72.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated disclosure of information vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-1136
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxmpe_ixn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5811
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-14.79% / 94.25%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-network_automationNetwork Automation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5803
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-7.60% / 91.47%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-nonstop_server_softwarenonstop_serverNonStop Servers using SSH Service
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5795
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.20%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 22:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (IMC) PLAT
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4829
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-1.5||LOW
EPSS-0.06% / 17.29%
||
7 Day CHG~0.00%
Published-04 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-color_laserjet_cm4540fcolor_laserjet_cm4540fskmcolor_laserjet_cm4540color_laserjet_m775dnlaserjet_m725z\+laserjet_m725flaserjet_m4555fskmlaserjet_m525dnlaserjet_enterprise_color_flow_m575claserjet_m725zlaserjet_flow_m525ccolor_laserjet_m775zlaserjet_m725dncolor_laserjet_m775flaserjet_m4555color_laserjet_m575flaserjet_m4555flaserjet_m4555hlaserjet_m525fcolor_laserjet_m575dnscanjet_enterprise_8500fn1color_laserjet_m775z\+n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5801
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-5.54% / 89.89%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-business_process_monitorBusiness Process Monitor
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5797
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.59%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (IMC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4826
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-77.23% / 98.93%
||
7 Day CHG~0.00%
Published-13 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

Action-Not Available
Vendor-n/aHP Inc.
Product-imc_service_operation_management_software_moduleintelligent_management_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-6331
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-3.3||LOW
EPSS-0.08% / 24.46%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 18:28
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.

Action-Not Available
Vendor-n/aHP Inc.
Product-samsung_mobile_printSamsung Mobile Print (Android)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17556
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 33.27%
||
7 Day CHG~0.00%
Published-15 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

Action-Not Available
Vendor-n/aHP Inc.
Product-synaptics_touchpad_drivern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2322
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.24% / 46.93%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue.

Action-Not Available
Vendor-n/aHP Inc.
Product-nonstop_sql\/mxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13990
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.3||MEDIUM
EPSS-0.55% / 66.99%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_enterprise_security_managerarcsight_enterprise_security_manager_expressn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-42394
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.02%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 18:57
Updated-12 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10arubaosaruba_networking_instantos
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42508
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.15%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 15:10
Updated-17 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-oneviewHPE OneView
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3249
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.24% / 46.71%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-fortify_software_security_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0130
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.18% / 77.88%
||
7 Day CHG~0.00%
Published-04 Apr, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-onboard_administratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13991
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.3||MEDIUM
EPSS-0.55% / 66.99%
||
7 Day CHG~0.00%
Published-29 Sep, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_enterprise_security_managerarcsight_enterprise_security_manager_expressn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4785
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-1.72% / 81.63%
||
7 Day CHG~0.00%
Published-10 Jan, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_4650laserjet_2430laserjet_p3015hp-chaisoen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1725
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.04% / 76.56%
||
7 Day CHG~0.00%
Published-27 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_automationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1531
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 72.82%
||
7 Day CHG~0.00%
Published-15 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The webscan component in the Embedded Web Server (EWS) on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-photosmart_premium_c510photosmart_d110photosmart_premium_fax_all-in-onephotosmart_premium_c310photosmart_plus_b210photosmart_b110envy_100_d410n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0890
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.74% / 72.01%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsdiscovery\&dependency_mapping_inventoryn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-3097
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.13%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 18:00
Updated-16 Sep, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.
Product-windowsperformance_insightn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4112
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.72%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_management_agentsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3284
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.59% / 68.31%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2612
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.13% / 32.66%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openvms_for_integrity_serversopenvmsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0524
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.70% / 71.11%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Action-Not Available
Vendor-windriverscon/aLinux Kernel Organization, IncNovellSilicon Graphics, Inc.IBM CorporationOracle CorporationCisco Systems, Inc.Microsoft CorporationApple Inc.HP Inc.
Product-linux_kerneltru64hp-uxbsdosaixmacossolarissco_unixioswindowsirixnetwaremac_os_xos2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-12543
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 58.27%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-integrated_lights-outintegrated_lights-out_3_firmwareintegrated_lights-out_2_firmwaremoonshot_remote_console_administratorintegrated_lights-out_4_firmwareIntegrated Lights-Out 4
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found