Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31470

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-14 May, 2024 | 22:26
Updated At-24 Jun, 2025 | 13:29
Rejected At-
Credits

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:14 May, 2024 | 22:26
Updated At:24 Jun, 2025 | 13:29
Rejected At:
â–¼CVE Numbering Authority (CNA)

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)Hewlett Packard Enterprise (HPE)
Product
AOS-8 Instant and AOS-10 AP
Default Status
unaffected
Versions
Affected
  • From 10.5.0.0 through 10.5.1.0 (semver)
  • From 10.4.0.0 through 10.4.1.0 (semver)
  • From 8.11.0.0 through 8.11.2.1 (semver)
  • From 8.10.0.0 through 8.10.0.10 (semver)
  • From 8.6.0.0 through 8.6.0.23 (semver)
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Chancen
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US
N/A
Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us&docLocale=en_US
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Aruba Networksarubanetworks
Product
arubaos
CPEs
  • cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 10.5.0.0 through 10.5.1.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
arubaos
CPEs
  • cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 10.4.0.0 through 10.4.1.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.10.0.0 through 8.10.0.10 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.11.0.0 through 8.11.2.1 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.6.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.6.0.0 through 8.6.0.23 (custom)
Vendor
Aruba Networksarubanetworks
Product
arubaos
CPEs
  • cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 10.3.0.0 before 10.4.0.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.9.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.9.0.0 before 8.10.0.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.8.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.8.0.0 before 8.9.0.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.5.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.5.0.0 before 8.6.0.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.7.0.0 before 8.8.0.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 8.4.0.0 before 8.5.0.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:6.5.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 6.5.0.0 before 6.6.0.0 (custom)
Vendor
Aruba Networksarubanetworks
Product
instant
CPEs
  • cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 6.4.0.0 before 6.5.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt
x_transferred
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt
Resource:
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:14 May, 2024 | 23:15
Updated At:05 Jun, 2025 | 15:25

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Aruba Networks
arubanetworks
>>arubaos>>Versions from 10.3.0.0(inclusive) to 10.4.1.1(exclusive)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>arubaos>>Versions from 10.5.0.0(inclusive) to 10.5.1.1(exclusive)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
HP Inc.
hp
>>instantos>>Versions from 6.4.0.0(inclusive) to 8.6.0.24(exclusive)
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
HP Inc.
hp
>>instantos>>Versions from 8.7.0.0(inclusive) to 8.10.0.11(exclusive)
cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-121
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txtsecurity-alert@hpe.com
Vendor Advisory
Broken Link
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Broken Link
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt
Source: security-alert@hpe.com
Resource:
Vendor Advisory
Broken Link
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Broken Link

Change History

0
Information is not available yet

Similar CVEs

776Records found
CVE-2024-33512
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-22.84% / 95.75%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 14:57
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Centralarubaossd-wan
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-31469
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-3.10% / 86.48%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 22:25
Updated-24 Jun, 2025 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosinstantosAOS-8 Instant and AOS-10 APinstantarubaos
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-31468
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.45%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 22:24
Updated-24 Jun, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosinstantosAOS-8 Instant and AOS-10 APinstantarubaos
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-31466
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.45%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 22:04
Updated-24 Jun, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosinstantosAOS-8 Instant and AOS-10 APinstantarubaos
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-31467
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.45%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 22:08
Updated-24 Jun, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in CLI Service Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHP Inc.Hewlett Packard Enterprise (HPE)
Product-arubaosinstantosAOS-8 Instant and AOS-10 APinstantarubaos
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-26305
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-16.45% / 94.71%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 14:52
Updated-02 Aug, 2024 | 00:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Centralarubaossd-wan
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-26304
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-73.24% / 98.75%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 14:43
Updated-02 Aug, 2024 | 00:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Centralarubaossd-wan
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-33511
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-22.85% / 95.75%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 14:54
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Centralarubaossd-wan
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-26507
Matching Score-10
Assigner-HP Inc.
ShareView Details
Matching Score-10
Assigner-HP Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.26% / 48.98%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 17:01
Updated-15 Jan, 2026 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Action-Not Available
Vendor-HP Inc.
Product-4y279al3u43a3qa75a7ps96a3gy04a3sj34a3sj21a7h5w6aj7z12ay3z68az8z05a3pz95a5rc87a5fm77aj8j65a4pz46ab5l48am0p36aa8zq6a5rc85acf235a3gy10at3u66ae6b72a5cm63a49k98aj8a16a5cm79az8z010a8gr98ax3a60aj7z10a3sj03az8z18a1pv49a5qj90a7ps83a4pz43at3u55aj8j72az8z02ax3a63a3gx98ag1w46v4y280ab5l38a3gy16a7pt00aa91s3am0p32az8z07a5zp01az8z12a6qp99a7ps85a3gy12aj8j67afuturesmart_5x3a59a7h5w7a49k97avg1w40al2762ad7p71a49l02ay3z63a5zn99ax3a78a4pz47a1pv87ad7p70ax3a69a7e357ab5l39a5cm69al3u57a5cm59a8pe98ax3a90a7ps99a8gs50aj7z11a5cm71ay3z60a5fm76aj7z99a3qa55a5qk08a49k84al3u42az8z17a5rc84am0p39af2a71at3u64a8pe94a6qn30a7ps88a3gy19a5cm64ax3a89aa91s1a7ps84az8z08a1pv89ay3z65aa91s5az8z011a6qp98az8z06af2a66acf068a3pz75a5fm80aj8j73a5qj94a6qq00a49k86aj8j78a3gy15acf236aj8a13af2a68a3gn19al3u51aj8a04a1ps55a8pe97a3sj00afuturesmart_4b5l46a5rc88a8gs37ag1w46am0p35a58r10ab5l50a5zp00a3sj19a5cm65ax3a62a115q0awz5g77a6qq01a3gy18a4pa44a5cm75a5cm58a1pv66ak0q17a8gs28az8z23ab5l23a3sj13a3gy32a5cm76a3gy09a5fm81a1pv67al3u64a3pz16a5fm82a8gs15a2gp26a1pv64a1pu52a8gr96a8gr95a2gp25a6qn37ax3a93a3pz35a1ps54a8gs26a6bs57aj8a10a3gy14aj8j74az8z00ax3a72a2gp22a8gs00aj8j66a5qk13aj8j80a6qn33aj8j63aj7z07ak0q14aaz8z20ab5l25a49l04al3u56a8gs27aj8j71az8z22a6qn28afuturesmart_3t3u56a8gs01aa8zq4a6qn35a5qj87a3sj35a6qn31aj7z13al3u55a3sj38a7ps86a8gs29acf238acz245a49l00a6qn36aj7z08a3qa35ak0q15a3pz56at3u44ay3z66af2a80ak0q21a49k96av5rc86a7ps97a7ps82a3sj02a5rc92a115p9awe6b73al2763a9rt92ag1w47v3sj01a58m42a5zn98aj7z03a5qj83ab5l24ax3a74a8pe95ag1w41aj8j70a3sj12ab5l49a19gsawz8z14ax3a75ay3z64a1pu51ax3a84a2gp23af2a70a5qj98a49k90a8gs43a5qk02al3u52a3sj36aa8zq3aj7z98aj7z05a5cm78a5cm66aj7z14ax3a82a3sj37a8gs14a3sj04ab5l54a5qk03a6qp97aj7z04a1pv65az8z0a5rc90ax3a68a7zu86a1pv86a8gs36aa8zq5at3u43a3gy03abl27ax3a80a7ps87a7ps95a3pz55a3pz15acz244al3u63a3sj32am0p40a7ps81a7zu79al3u65ax3a87al3u70a6qn38a3gy20ax3a65a5qj81ax3a86aj7z09a6bs58a8gs30a3sj30ay3z62a5cm68a49k99aj8j76a3gy31af2a79az8z16a8gs25a17f27aw3sj11aj8a06ax3a83ak0q20a7zu81a5cm72a8pe96acf367aj8a05a5fm78az8z19j8j64ax3a77a8gs12a7zu88ak0q19a3sj28a3sj29aj8a11ax3a71a5qk18al3u69a7zu87a9rt91a7ps94az8z13a3sj22a3gy17ab5l47a3gy26ay3z61af2a67a*5rc91aa2w76ax3a81a7zu78aa91s7al3u66ak0q22a3gy25ax3a79a5cm77a5rc89a8gr94af2a69ay3z49ab5l26az8z04ag1w39a4pz45aj8a12am0p33aj7z06a5cm61az5g79a8gs44a5qk20a8gs13acf069a7ps98a7zu85a8gr97aa8zq7acf067acf066a8gr99ag1w47az8z09a3sj33az8z15aa8zq2a5cm70ak0q18aj8j79a5rc83a1pv88a5qk15al3u67aa2w75ax3a66a6qn29a6bs59aj8a17a3sj20ax3a92a7pt01az8z01aCertain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-26506
Matching Score-10
Assigner-HP Inc.
ShareView Details
Matching Score-10
Assigner-HP Inc.
CVSS Score-9.2||CRITICAL
EPSS-0.38% / 59.04%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 16:58
Updated-15 Jan, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Action-Not Available
Vendor-HP Inc.
Product-499q4f4ra89a_firmware8d7l2a4ra81e_firmware499n1a499q7e_firmware4ra84a499q9f_firmware4ra84f4ra86e8d7l1a_firmware4ra88f499q5f_firmware74t92f499q8a499r0e499q6e8d7l2a_firmware5hh65a499r0f_firmware499q5fr_firmware499n4a_firmware499q4f_firmware5hh52a_firmware74t92a_firmware4ra80f_firmware4ra80a499n0a759v1f499m6a4ra89v5hh59a499q6f5hh48v5hh48a_firmware4ra87f_firmware5hh73a499q5f5hh51a_firmware4ra86a_firmware499q7a_firmware499q6f_firmware4ra82f5hh67a_firmware5hh64a_firmware4ra84e_firmware499q8a_firmware4ra83e4ra80e499n6a4ra84f_firmware499q6e_firmware5hh72a499q5e_firmware74t92a499m7a499q9e499q9a_firmware74p27a4ra81f_firmware4ra81e4ra83a_firmware4ra86f_firmware5hh64f_firmware4ra85v759v0e759v0f759v1e_firmware5hh48a4ra81f4ra87e_firmware759v0f_firmware759v2e_firmware4ra83a759v2e4ra82a_firmware499q3a_firmware74p26a_firmware759v2f_firmware499r0a8d7l1a499q3e_firmware499m8a4ra85v_firmware499q9a4ra87f499n1a_firmware4ra89a5hh67a4ra85f8d7l0a_firmware499q5fr499q8e_firmware74p28a499q5e4ra82fr5hh66a4ra85a499q7f_firmware5hh53a_firmware499q9f5hh73a_firmware4ra88f_firmware4ra86e_firmware499m9a_firmware499q8f5hh48v_firmware759v1f_firmware499q7a4ra83e_firmware499q4e_firmware4ra89v_firmware4ra80f499m9a4ra86a499q3e499q8e499n6a_firmware499n0a_firmware4ra87a4ra82fr_firmware4ra81fr_firmware499q5a499r0a_firmware499q3a4ra83f74p25a_firmware4ra80a_firmware499n5a_firmware499q7f499q6a5hh52a499q3f_firmware499r0e_firmware5hh72a_firmware4ra81fr499r0f499n4a4ra82f_firmware4ra82a4ra85a_firmware4ra88a_firmware4ra84e5hh59a_firmware4ra80e_firmware4ra85e_firmware4ra85e5hh64e4ra85f_firmware74p26a74p28a_firmware4ra87a_firmware74t92e74p27a_firmware4ra81a_firmware499q5a_firmware5hh64f499q7e759v2f499q4e499m7a_firmware499q6a_firmware4ra87e4ra88e_firmware5hh65a_firmware74t92f_firmware4ra88e4ra81a4ra84a_firmware5hh51a8d7l0a5hh64e_firmware499q8f_firmware74t92e_firmware74p25a5hh64a4ra88a4ra83f_firmware5hh53a759v0e_firmware4ra82e_firmware4ra86f499q3f4ra82e759v1e499n5a5hh66a_firmware499m6a_firmware499m8a_firmware499q9e_firmwareCertain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-35175
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.42% / 87.17%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 15:43
Updated-04 Dec, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.

Action-Not Available
Vendor-HP Inc.
Product-laserjet_pro_m404-m405_w1a58a_firmwarelaserjet_pro_mfp_m478-m479_w1a75alaserjet_pro_mfp_m478-m479_w1a80alaserjet_pro_m453-m454_w1y46a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a30alaserjet_pro_m304-m305_w1a47alaserjet_pro_m304-m305_w1a66alaserjet_pro_m453-m454_w1y40alaserjet_pro_mfp_m478-m479_w1a77alaserjet_pro_m453-m454_w1y45a_firmwarelaserjet_pro_m304-m305_w1a48a_firmwarelaserjet_pro_m404-m405_w1a56a_firmwarelaserjet_pro_m453-m454_w1y44alaserjet_pro_mfp_m428-m429_f_w1a29a_firmwarelaserjet_pro_m404-m405_w1a60alaserjet_pro_m304-m305_w1a46alaserjet_pro_mfp_m428-m429_f_w1a35alaserjet_pro_m453-m454_w1y43a_firmwarelaserjet_pro_mfp_m478-m479_w1a76a_firmwarelaserjet_pro_m453-m454_w1y47a_firmwarelaserjet_pro_mfp_m478-m479_w1a78alaserjet_pro_m304-m305_w1a46a_firmwarelaserjet_pro_m304-m305_w1a66a_firmwarelaserjet_pro_m404-m405_w1a57alaserjet_pro_m404-m405_w1a53a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a38a_firmwarelaserjet_pro_m404-m405_w1a59alaserjet_pro_mfp_m428-m429_f_w1a34alaserjet_pro_m453-m454_w1y41a_firmwarelaserjet_pro_mfp_m478-m479_w1a78a_firmwarelaserjet_pro_m404-m405_w1a56alaserjet_pro_m404-m405_w1a52alaserjet_pro_mfp_m478-m479_w1a82alaserjet_pro_m453-m454_w1y40a_firmwarelaserjet_pro_m404-m405_w1a57a_firmwarelaserjet_pro_mfp_m428-m429_w1a31alaserjet_pro_mfp_m478-m479_w1a77a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a35a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a30a_firmwarelaserjet_pro_mfp_m428-m429_w1a33a_firmwarelaserjet_pro_m404-m405_93m22alaserjet_pro_mfp_m478-m479_w1a76alaserjet_pro_mfp_m478-m479_w1a82a_firmwarelaserjet_pro_mfp_m478-m479_w1a79alaserjet_pro_mfp_m428-m429_w1a31a_firmwarelaserjet_pro_mfp_m478-m479_w1a81alaserjet_pro_m404-m405_w1a60a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a38alaserjet_pro_m304-m305_w1a48alaserjet_pro_m404-m405_w1a51alaserjet_pro_mfp_m428-m429_f_w1a32a_firmwarelaserjet_pro_mfp_m428-m429_w1a33alaserjet_pro_m404-m405_w1a53alaserjet_pro_m453-m454_w1y43alaserjet_pro_m453-m454_w1y47alaserjet_pro_mfp_m478-m479_w1a79a_firmwarelaserjet_pro_m404-m405_w1a58alaserjet_pro_mfp_m428-m429_w1a28a_firmwarelaserjet_pro_mfp_m428-m429_w1a28alaserjet_pro_m404-m405_w1a59a_firmwarelaserjet_pro_m453-m454_w1y41alaserjet_pro_mfp_m478-m479_w1a80a_firmwarelaserjet_pro_m453-m454_w1y45alaserjet_pro_m304-m305_w1a47a_firmwarelaserjet_pro_m404-m405_w1a51a_firmwarelaserjet_pro_m453-m454_w1y46alaserjet_pro_mfp_m428-m429_f_w1a32alaserjet_pro_mfp_m478-m479_w1a81a_firmwarelaserjet_pro_m453-m454_w1y44a_firmwarelaserjet_pro_m404-m405_93m22a_firmwarelaserjet_pro_m404-m405_w1a63alaserjet_pro_mfp_m428-m429_f_w1a34a_firmwarelaserjet_pro_m404-m405_w1a52a_firmwarelaserjet_pro_mfp_m428-m429_f_w1a29alaserjet_pro_mfp_m478-m479_w1a75a_firmwarelaserjet_pro_m404-m405_w1a63a_firmwareHP LaserJet Pro
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-35982
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 74.86%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 18:28
Updated-07 Nov, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points running InstantOS and ArubaOS 10arba_access_points_running_instantos_and_arubaos_10
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-29212
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-16.99% / 94.81%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 13:18
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

Action-Not Available
Vendor-n/aHP Inc.
Product-ilo_amplifier_packiLO Amplifier Pack
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-26583
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 85.24%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 12:38
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-ilo_amplifier_packiLO Amplifier Pack
CVE-2023-32673
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.70%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:39
Updated-03 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

Action-Not Available
Vendor-HP Inc.
Product-pc_hardware_diagnosticsimage_assistantthunderbolt_dock_g2thunderbolt_dock_g2_firmwareHP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware
CVE-2023-32674
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.98%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 21:40
Updated-03 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

Action-Not Available
Vendor-HP Inc.
Product-pc_hardware_diagnosticsHP PC Hardware Diagnostics Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-30908
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.65% / 81.67%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 21:28
Updated-06 Mar, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote authentication bypass issue exists in a OneView API.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-oneviewHPE OneView
CVE-2023-30912
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.96% / 76.14%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:39
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution issue exists in HPE OneView.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-oneviewHPE OneView
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-30909
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-4.96% / 89.41%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 14:56
Updated-28 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote authentication bypass issue exists in some OneView APIs.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-oneviewHPE OneViewoneview_global_dashboardoneview
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2023-22757
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.1||HIGH
EPSS-3.48% / 87.28%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:36
Updated-07 Mar, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaossd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-7169
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:43
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7167
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-7.21% / 91.41%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:42
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7200
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-85.54% / 99.34%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 22:14
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managerHPE Systems Insight Manager (SIM)
CVE-2020-7144
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.78% / 91.11%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:37
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7206
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 77.09%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 21:16
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.

Action-Not Available
Vendor-n/aHP Inc.
Product-nagios-plugins-hpilonagios-plugins-ilo
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-7158
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7149
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-7.21% / 91.41%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:37
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7154
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-7.21% / 91.41%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7141
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:36
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7164
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:42
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7151
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7166
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:42
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7155
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7148
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:37
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7165
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:42
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7197
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-2.05% / 83.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:09
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.

Action-Not Available
Vendor-n/aHP Inc.
Product-storeserv_management_consoleHPE 3PAR StoreServ Management and Core Software Media
CWE ID-CWE-287
Improper Authentication
CVE-2020-7157
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7150
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.78% / 91.11%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7152
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7156
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7153
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7162
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:39
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7171
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-7.21% / 91.41%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:43
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7170
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:43
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7147
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:37
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7159
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-7.21% / 91.41%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:39
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7168
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:43
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7161
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 91.07%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:39
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-7124
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.74%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:23
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba Airwave Software
CVE-2020-7128
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 75.67%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 19:21
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwave_glassAruba Airwave Software
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found