Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-24648

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-19 Oct, 2020 | 17:36
Updated At-04 Aug, 2024 | 15:19
Rejected At-
Credits

A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:19 Oct, 2020 | 17:36
Updated At:04 Aug, 2024 | 15:19
Rejected At:
▼CVE Numbering Authority (CNA)

A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Affected Products
Vendor
n/a
Product
HPE Intelligent Management Center (iMC)
Versions
Affected
  • Prior to iMC PLAT 7.3 (E0705P07)
Problem Types
TypeCWE IDDescription
textN/Aaccessmgrservlet classname deserialization of untrusted data remote code execution
Type: text
CWE ID: N/A
Description: accessmgrservlet classname deserialization of untrusted data remote code execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
x_refsource_MISC
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
x_refsource_MISC
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:19 Oct, 2020 | 18:15
Updated At:21 Oct, 2020 | 17:21

A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

HP Inc.
hp
>>intelligent_management_center>>Versions before 7.3(exclusive)
cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:-:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0501:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0503:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0503p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p04:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p4:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p03:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p07:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0506p09:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605h02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605h05:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605p04:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0605p06:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705p02:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705p04:*:*:*:*:*:*
HP Inc.
hp
>>intelligent_management_center>>7.3
cpe:2.3:a:hp:intelligent_management_center:7.3:e0705p06:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-502Primarynvd@nist.gov
CWE ID: CWE-502
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_ussecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04036en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1507Records found

CVE-2019-11945
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-78.64% / 99.54%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:58
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-5790
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-18.34% / 96.88%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (IMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-5641
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-21.27% / 97.29%
||
7 Day CHG~0.00%
Published-28 Dec, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.

Action-Not Available
Vendor-HP Inc.The Apache Software Foundation
Product-flex_blazedsxp_command_view_advanced_editionApache Flex Blaze DS
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-12558
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-38.48% / 98.39%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerintelligent Management Center (iMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-12557
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-80.12% / 99.57%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerintelligent Management Center (iMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-12556
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-38.48% / 98.39%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerintelligent Management Center (iMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-10992
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.48% / 95.20%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 12:51
Updated-05 Aug, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_essentialsn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-8519
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-28.05% / 97.87%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-operations_orchestrationOperations Orchestration
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-11944
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-13.35% / 95.94%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:57
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-36038
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-9||CRITICAL
EPSS-8.02% / 94.07%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 20:38
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncOracle CorporationHP Inc.Microsoft Corporation
Product-linux_kernelwindowswebsphere_application_serveraixsolarishp-uxiz\/osWebSphere Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-26507
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.86% / 54.21%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 17:01
Updated-15 Jan, 2026 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Action-Not Available
Vendor-HP Inc.
Product-4y279al3u43a3qa75a7ps96a3gy04a3sj34a3sj21a7h5w6aj7z12ay3z68az8z05a3pz95a5rc87a5fm77aj8j65a4pz46ab5l48am0p36aa8zq6a5rc85acf235a3gy10at3u66ae6b72a5cm63a49k98aj8a16a5cm79az8z010a8gr98ax3a60aj7z10a3sj03az8z18a1pv49a5qj90a7ps83a4pz43at3u55aj8j72az8z02ax3a63a3gx98ag1w46v4y280ab5l38a3gy16a7pt00aa91s3am0p32az8z07a5zp01az8z12a6qp99a7ps85a3gy12aj8j67afuturesmart_5x3a59a7h5w7a49k97avg1w40al2762ad7p71a49l02ay3z63a5zn99ax3a78a4pz47a1pv87ad7p70ax3a69a7e357ab5l39a5cm69al3u57a5cm59a8pe98ax3a90a7ps99a8gs50aj7z11a5cm71ay3z60a5fm76aj7z99a3qa55a5qk08a49k84al3u42az8z17a5rc84am0p39af2a71at3u64a8pe94a6qn30a7ps88a3gy19a5cm64ax3a89aa91s1a7ps84az8z08a1pv89ay3z65aa91s5az8z011a6qp98az8z06af2a66acf068a3pz75a5fm80aj8j73a5qj94a6qq00a49k86aj8j78a3gy15acf236aj8a13af2a68a3gn19al3u51aj8a04a1ps55a8pe97a3sj00afuturesmart_4b5l46a5rc88a8gs37ag1w46am0p35a58r10ab5l50a5zp00a3sj19a5cm65ax3a62a115q0awz5g77a6qq01a3gy18a4pa44a5cm75a5cm58a1pv66ak0q17a8gs28az8z23ab5l23a3sj13a3gy32a5cm76a3gy09a5fm81a1pv67al3u64a3pz16a5fm82a8gs15a2gp26a1pv64a1pu52a8gr96a8gr95a2gp25a6qn37ax3a93a3pz35a1ps54a8gs26a6bs57aj8a10a3gy14aj8j74az8z00ax3a72a2gp22a8gs00aj8j66a5qk13aj8j80a6qn33aj8j63aj7z07ak0q14aaz8z20ab5l25a49l04al3u56a8gs27aj8j71az8z22a6qn28afuturesmart_3t3u56a8gs01aa8zq4a6qn35a5qj87a3sj35a6qn31aj7z13al3u55a3sj38a7ps86a8gs29acf238acz245a49l00a6qn36aj7z08a3qa35ak0q15a3pz56at3u44ay3z66af2a80ak0q21a49k96av5rc86a7ps97a7ps82a3sj02a5rc92a115p9awe6b73al2763a9rt92ag1w47v3sj01a58m42a5zn98aj7z03a5qj83ab5l24ax3a74a8pe95ag1w41aj8j70a3sj12ab5l49a19gsawz8z14ax3a75ay3z64a1pu51ax3a84a2gp23af2a70a5qj98a49k90a8gs43a5qk02al3u52a3sj36aa8zq3aj7z98aj7z05a5cm78a5cm66aj7z14ax3a82a3sj37a8gs14a3sj04ab5l54a5qk03a6qp97aj7z04a1pv65az8z0a5rc90ax3a68a7zu86a1pv86a8gs36aa8zq5at3u43a3gy03abl27ax3a80a7ps87a7ps95a3pz55a3pz15acz244al3u63a3sj32am0p40a7ps81a7zu79al3u65ax3a87al3u70a6qn38a3gy20ax3a65a5qj81ax3a86aj7z09a6bs58a8gs30a3sj30ay3z62a5cm68a49k99aj8j76a3gy31af2a79az8z16a8gs25a17f27aw3sj11aj8a06ax3a83ak0q20a7zu81a5cm72a8pe96acf367aj8a05a5fm78az8z19j8j64ax3a77a8gs12a7zu88ak0q19a3sj28a3sj29aj8a11ax3a71a5qk18al3u69a7zu87a9rt91a7ps94az8z13a3sj22a3gy17ab5l47a3gy26ay3z61af2a67a*5rc91aa2w76ax3a81a7zu78aa91s7al3u66ak0q22a3gy25ax3a79a5cm77a5rc89a8gr94af2a69ay3z49ab5l26az8z04ag1w39a4pz45aj8a12am0p33aj7z06a5cm61az5g79a8gs44a5qk20a8gs13acf069a7ps98a7zu85a8gr97aa8zq7acf067acf066a8gr99ag1w47az8z09a3sj33az8z15aa8zq2a5cm70ak0q18aj8j79a5rc83a1pv88a5qk15al3u67aa2w75ax3a66a6qn29a6bs59aj8a17a3sj20ax3a92a7pt01az8z01aCertain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-26506
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.2||CRITICAL
EPSS-1.02% / 59.28%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 16:58
Updated-15 Jan, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Action-Not Available
Vendor-HP Inc.
Product-499q4f4ra89a_firmware8d7l2a4ra81e_firmware499n1a499q7e_firmware4ra84a499q9f_firmware4ra84f4ra86e8d7l1a_firmware4ra88f499q5f_firmware74t92f499q8a499r0e499q6e8d7l2a_firmware5hh65a499r0f_firmware499q5fr_firmware499n4a_firmware499q4f_firmware5hh52a_firmware74t92a_firmware4ra80f_firmware4ra80a499n0a759v1f499m6a4ra89v5hh59a499q6f5hh48v5hh48a_firmware4ra87f_firmware5hh73a499q5f5hh51a_firmware4ra86a_firmware499q7a_firmware499q6f_firmware4ra82f5hh67a_firmware5hh64a_firmware4ra84e_firmware499q8a_firmware4ra83e4ra80e499n6a4ra84f_firmware499q6e_firmware5hh72a499q5e_firmware74t92a499m7a499q9e499q9a_firmware74p27a4ra81f_firmware4ra81e4ra83a_firmware4ra86f_firmware5hh64f_firmware4ra85v759v0e759v0f759v1e_firmware5hh48a4ra81f4ra87e_firmware759v0f_firmware759v2e_firmware4ra83a759v2e4ra82a_firmware499q3a_firmware74p26a_firmware759v2f_firmware499r0a8d7l1a499q3e_firmware499m8a4ra85v_firmware499q9a4ra87f499n1a_firmware4ra89a5hh67a4ra85f8d7l0a_firmware499q5fr499q8e_firmware74p28a499q5e4ra82fr5hh66a4ra85a499q7f_firmware5hh53a_firmware499q9f5hh73a_firmware4ra88f_firmware4ra86e_firmware499m9a_firmware499q8f5hh48v_firmware759v1f_firmware499q7a4ra83e_firmware499q4e_firmware4ra89v_firmware4ra80f499m9a4ra86a499q3e499q8e499n6a_firmware499n0a_firmware4ra87a4ra82fr_firmware4ra81fr_firmware499q5a499r0a_firmware499q3a4ra83f74p25a_firmware4ra80a_firmware499n5a_firmware499q7f499q6a5hh52a499q3f_firmware499r0e_firmware5hh72a_firmware4ra81fr499r0f499n4a4ra82f_firmware4ra82a4ra85a_firmware4ra88a_firmware4ra84e5hh59a_firmware4ra80e_firmware4ra85e_firmware4ra85e5hh64e4ra85f_firmware74p26a74p28a_firmware4ra87a_firmware74t92e74p27a_firmware4ra81a_firmware499q5a_firmware5hh64f499q7e759v2f499q4e499m7a_firmware499q6a_firmware4ra87e4ra88e_firmware5hh65a_firmware74t92f_firmware4ra88e4ra81a4ra84a_firmware5hh51a8d7l0a5hh64e_firmware499q8f_firmware74t92e_firmware74p25a5hh64a4ra88a4ra83f_firmware5hh53a759v0e_firmware4ra82e_firmware4ra86f499q3f4ra82e759v1e499n5a5hh66a_firmware499m6a_firmware499m8a_firmware499q9e_firmwareCertain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-8631
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||CRITICAL
EPSS-1.33% / 67.68%
||
7 Day CHG+0.66%
Published-20 May, 2026 | 20:11
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data.

Action-Not Available
Vendor-HP IncRed Hat, Inc.HP Inc.
Product-linux_imaging_and_printingHP Linux Imaging and Printing SoftwareRed Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-26508
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-8.3||HIGH
EPSS-0.90% / 55.16%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 17:03
Updated-15 Jan, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Action-Not Available
Vendor-HP Inc.
Product-4y279al3u43a499q4f3qa75a7ps96a3sj34a4ra84a7h5w6aj7z12a4ra86ez8z05a4ra88f3pz95a5rc87a5fm77aj8j65a4pz46ab5l48at3u66a49k98aj8a16a5hh52a_firmware74t92a_firmware3sj03a1pv49a5hh59a5hh48vj8j72a4ra87f_firmware499q5f5hh51a_firmwareb5l38a3gy16am0p32az8z07a5zp01az8z12a7ps85a4ra82f5hh67a_firmware4ra84e_firmwarex3a59a7h5w7a49k97avg1w40ay3z63a4ra84f_firmware4pz47a1pv87ad7p70a499q9e7e357a74p27a4ra81e5cm69a5cm59ax3a90a759v0ej7z11a4ra85v4ra83ay3z60aj7z99a499q3e_firmwarel3u42a5rc84a499n1a_firmware6qn30a5cm64a3gy19ax3a89a7ps84az8z08a5hh66a4ra85a499q7f_firmware5hh53a_firmware499q9f6qp98af2a66a3pz75a5qj94aj8j73a49k86aj8j78a499q7acf236aj8a13af2a68a3gn19aj8a04a8pe97a1ps55a4ra86a4ra87a499q5a74p25a_firmware4ra83fg1w46am0p35a58r10a5hh72a_firmware3sj19ax3a62a4pa44a4ra84e4ra80e_firmware5hh64ek0q17ab5l23a3sj13a3gy09a8gs15a2gp26a1pv64a4ra84a_firmware1pu52a8gr96a2gp25a74t92e_firmware6qn37a5hh64a5hh53a4ra83f_firmware1ps54a6bs57a3gy14az8z00ax3a72a4ra86f759v1e8gs00aj8j80a4ra89a_firmwarej8j63aj7z07a8gs27a4ra84f499q5f_firmware74t92f5qj87a5hh65aj7z13a3sj38a7ps86a499r0f_firmware499n4a_firmwarecz245ak0q15a4ra80f_firmwaret3u44a499n0ay3z66a499m6ak0q21a7ps97a5hh73a115p9awe6b73a9rt92a499q7a_firmware58m42ab5l24ax3a74a8pe95a3sj12ab5l49az8z14ax3a75a1pu51ax3a84a2gp23af2a70a4ra80e3sj36a499n6aj7z98aj7z05aj7z14a3sj37a499m7a8gs14a3sj04ab5l54a4ra81f_firmware4ra83a_firmware1pv65a5rc90a5hh64f_firmware759v2e7zu86a4ra81f759v0f_firmware8gs36aa8zq5a4ra82a_firmware3gy03a74p26a_firmware759v2f_firmware8d7l1a7ps87acz244a4ra87f7ps81a7zu79al3u65ax3a87al3u70a8d7l0a_firmware6qn38a3gy20ax3a65a5qj81a74p28ax3a86aj7z09a6bs58a4ra88f_firmwarey3z62a499m9a_firmware5cm68aj8j76a17f27aw3sj11aj8a06a499q4e_firmwarecf367aj8a05a5fm78az8z19j8j64ax3a77a499n0a_firmware4ra82fr_firmwarek0q19a3sj29a499r0a_firmwarej8a11ax3a71a5qk18a499q7f7ps94a3gy17a499r0e_firmwareb5l47a4ra81frf2a67a*a2w76ax3a81al3u66a4ra82f_firmware5cm77a4ra88a_firmware4ra85e_firmware4ra85ef2a69az8z04a4pz45aj7z06a4ra87a_firmware8gs44a5qk20a8gs13aa8zq7acf067a499q4e499m7a_firmware4ra81ag1w47az8z09a3sj33aj8j79a4ra82e_firmware1pv88a5qk15al3u67aa2w75a499q3f499n5a6bs59ax3a92a7pt01a6qn33a499q9e_firmwarez8z01a3gy04a3sj21a499n1a499q9f_firmwarey3z68a499q6em0p36aa8zq6a5rc85acf235a3gy10a499q5fr_firmwaree6b72a5cm63a5cm79az8z010a8gr98ax3a60a4ra80aj7z10az8z18a5qj90a4ra89v7ps83a4pz43at3u55a5hh48a_firmwarez8z02ax3a63a3gx98ag1w46v4y280a7pt00aa91s3a6qp99a3gy12aj8j67a499q6f_firmwarefuturesmart_5l2762ad7p71a49l02a5zn99a4ra83e499q6e_firmwarex3a78a5hh72a499q5e_firmwarex3a69ab5l39al3u57a4ra86f_firmware8pe98a7ps99a8gs50a759v0f759v1e_firmware759v2e_firmware5cm71a5fm76a3qa55a5qk08a499q3a_firmware49k84az8z17a499m8a4ra85v_firmwarem0p39af2a71at3u64a8pe94a5hh67a7ps88aa91s1a4ra85f499q8e_firmware499q5e1pv89aa91s5a4ra86e_firmwarez8z011az8z06acf068a5fm80a5hh48v_firmware6qq00a3gy15a4ra89v_firmwarel3u51a499m9a3sj00afuturesmart_4b5l46a4ra81fr_firmware5rc88a8gs37a499n5a_firmwareb5l50a5zp00a5cm65az5g77a115q0aw499r0f6qq01a3gy18a5cm75a5cm58a1pv66a8gs28a4ra85f_firmwarez8z23a74p26a74p28a_firmware3gy32a5cm76a74p27a_firmware5fm81a4ra81a_firmware5hh64f1pv67a499q7e499q6a_firmware4ra87el3u64a3pz16a74t92f_firmware5fm82a4ra88e5hh51a8gr95ax3a93a3pz35a8gs26aj8a10aj8j74a2gp22a4ra82e5hh66a_firmwarej8j66a5qk13a8d7l2a4ra81e_firmware499q7e_firmwarek0q14aaz8z20ab5l25a49l04al3u56aj8j71a8d7l1a_firmwarez8z22a6qn28afuturesmart_3t3u56a8gs01a499q8aa8zq4a499r0e6qn35a8d7l2a_firmware3sj35a6qn31al3u55a8gs29acf238a499q4f_firmware49l00a6qn36aj7z08a3qa35a3pz56a759v1ff2a80a49k96av499q6f5rc86a7ps82a3sj02a5rc92al2763ag1w47v3sj01a4ra86a_firmware5zn98aj7z03a5qj83ag1w41aj8j70a19gsawy3z64a5hh64a_firmware5qj98a49k90a8gs43a499q8a_firmware5qk02al3u52aa8zq3a5cm78a5cm66ax3a82a74t92a499q9a_firmware5qk03a6qp97aj7z04az8z0ax3a68a5hh48a4ra87e_firmware1pv86at3u43abl27ax3a80a499r0a3pz55a7ps95a3pz15a499q9al3u63a3sj32am0p40a4ra89a499q5fr4ra82fr8gs30a5hh73a_firmware3sj30a499q8f49k99a3gy31af2a79az8z16a8gs25ax3a83a759v1f_firmwarek0q20a7zu81a4ra83e_firmware5cm72a4ra80f8pe96a499q3e499q8e499n6a_firmware8gs12a7zu88a3sj28a499q3a4ra80a_firmwarel3u69a7zu87a9rt91a499q6az8z13a3sj22a499q3f_firmware5hh52a3gy26ay3z61a5rc91a7zu78aa91s7a499n4ak0q22a3gy25ax3a79a4ra82a5rc89a8gr94a5hh59a_firmware4ra85a_firmwarey3z49ab5l26ag1w39aj8a12am0p33a5cm61az5g79a74t92ecf069a7ps98a7zu85a8gr97a499q5a_firmware759v2fcf066a8gr99a5hh65a_firmware4ra88e_firmware8d7l0a5hh64e_firmwarez8z15aa8zq2a499q8f_firmware5cm70a74p25a759v0e_firmwarek0q18a4ra88a5rc83ax3a66a6qn29aj8a17a3sj20a499m6a_firmware499m8a_firmwarey3z65aCertain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-2791
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.46% / 92.90%
||
7 Day CHG~0.00%
Published-22 May, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.

Action-Not Available
Vendor-n/aHP Inc.
Product-tru64n/a
CVE-2003-0085
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-87.92% / 99.74%
||
7 Day CHG~0.00%
Published-18 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aHP Inc.Samba
Product-cifs-9000_serversamban/a
CVE-2013-6194
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-65.92% / 99.18%
||
7 Day CHG~0.00%
Published-04 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2013-6221
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-77.94% / 99.52%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_virtualizationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-24646
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 93.15%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:34
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-6218
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-8.70% / 94.48%
||
7 Day CHG~0.00%
Published-19 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_manager_in/a
CVE-2013-4798
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-67.72% / 99.23%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.

Action-Not Available
Vendor-n/aHP Inc.
Product-loadrunnern/a
CVE-2013-4837
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-62.62% / 99.09%
||
7 Day CHG~0.00%
Published-04 Nov, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.

Action-Not Available
Vendor-n/aHP Inc.
Product-loadrunnern/a
CVE-2013-4810
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-79.00% / 99.55%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-21 Apr, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Action-Not Available
Vendor-n/aHP Inc.
Product-application_lifecycle_managementprocurve_managern/aProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-4822
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-62.62% / 99.09%
||
7 Day CHG~0.00%
Published-13 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerimc_branch_intelligent_management_system_software_modulen/a
CVE-2013-4841
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-10.44% / 95.18%
||
7 Day CHG~0.00%
Published-26 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.

Action-Not Available
Vendor-n/aHP Inc.
Product-storevirtual_virtual_storage_appliancelefthandstorevirtual_4000n/a
CVE-2013-4813
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-8.51% / 94.38%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-4812
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-51.90% / 98.82%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4811
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-71.29% / 99.33%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.90% / 88.98%
||
7 Day CHG~0.00%
Published-14 Feb, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2013-3573
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-4.28% / 89.91%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_diagnosticsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2348
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-10.44% / 95.18%
||
7 Day CHG~0.00%
Published-04 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2013-2335
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-61.04% / 99.05%
||
7 Day CHG~0.00%
Published-06 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2013-2324
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-39.12% / 98.41%
||
7 Day CHG~0.00%
Published-06 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2013-2350
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-10.44% / 95.19%
||
7 Day CHG~0.00%
Published-04 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2013-2340
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-10.72% / 95.28%
||
7 Day CHG~0.00%
Published-06 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-h3c_processing_moduleh3c_processor_moduleprocurve_switchh3c_ethernet_switchh3c_high_performance_main_processing_unith3c_switchvpn_firewall_appliance3com_router3com_taa_switch3com_switchh3c_routerh3c_routing_switchprocurve_router3com_switch_taa_compliant3com_baseline_plus_switchn/a
CVE-2013-2345
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-10.44% / 95.19%
||
7 Day CHG~0.00%
Published-04 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2013-2338
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-10.72% / 95.28%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-integrated_lights-out_4_firmwareintegrated_lights-out_3_firmwaren/a
CVE-2013-2327
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-61.04% / 99.05%
||
7 Day CHG~0.00%
Published-06 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2013-2325
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-61.04% / 99.04%
||
7 Day CHG~0.00%
Published-06 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633.

Action-Not Available
Vendor-n/aHP Inc.
Product-storage_data_protectorn/a
CVE-2002-0679
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-23.26% / 97.50%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

Action-Not Available
Vendor-compaqxi_graphicsn/aHP Inc.IBM CorporationSun Microsystems (Oracle Corporation)The MITRE Corporation (Caldera)
Product-sunosdextopsolaristru64hp-uxunixwareaixopenunixn/a
CVE-2012-5201
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-63.74% / 99.12%
||
7 Day CHG~0.00%
Published-09 Mar, 2013 | 11:01
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerintelligent_management_center_for_automated_network_managern/a
CVE-2006-5558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.29% / 93.62%
||
7 Day CHG~0.00%
Published-27 Oct, 2006 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2012-5209
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-8.58% / 94.42%
||
7 Day CHG~0.00%
Published-09 Mar, 2013 | 11:01
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1659.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerintelligent_management_center_for_automated_network_managern/a
CVE-2012-3254
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-9.59% / 94.89%
||
7 Day CHG~0.00%
Published-30 Aug, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.

Action-Not Available
Vendor-n/aHP Inc.
Product-inode_management_center_pcn/a
CVE-2012-3260
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-38.38% / 98.39%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.

Action-Not Available
Vendor-n/aHP Inc.
Product-sitescopen/a
CVE-2006-5151
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.21% / 89.77%
||
7 Day CHG+0.03%
Published-03 Oct, 2006 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-1999-0696
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-12.16% / 95.65%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

Action-Not Available
Vendor-n/aHP Inc.Sun Microsystems (Oracle Corporation)
Product-sunoshp-uxsolarisn/a
CVE-2012-3262
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-8.58% / 94.42%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464.

Action-Not Available
Vendor-n/aHP Inc.
Product-sitescopen/a
CVE-2012-3258
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-9.92% / 95.01%
||
7 Day CHG~0.00%
Published-19 Sep, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationn/a
CVE-2012-3270
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-4.39% / 90.13%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269.

Action-Not Available
Vendor-n/aHP Inc.
Product-performance_insightn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 30
  • 31
  • Next
Details not found