Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3508

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-25 Jul, 2025 | 15:58
Updated At-25 Jul, 2025 | 17:41
Rejected At-
Credits

Certain HP DesignJet products – Information disclosure

Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:25 Jul, 2025 | 15:58
Updated At:25 Jul, 2025 | 17:41
Rejected At:
▼CVE Numbering Authority (CNA)
Certain HP DesignJet products – Information disclosure

Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.

Affected Products
Vendor
HP Inc.HP Inc.
Product
Certain HP DesignJet products
Default Status
unknown
Versions
Affected
  • See HP Security Bulletin reference for affected versions.
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
4.06.0MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hp.com/us-en/document/ish_12798086-12798125-16/hpsbpi04039
N/A
Hyperlink: https://support.hp.com/us-en/document/ish_12798086-12798125-16/hpsbpi04039
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:25 Jul, 2025 | 16:15
Updated At:24 Feb, 2026 | 14:44

Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.0MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
HP Inc.
hp
>>w3z72e_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:w3z72e_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w3z72e>>-
cpe:2.3:h:hp:w3z72e:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w3z72f_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:w3z72f_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w3z72f>>-
cpe:2.3:h:hp:w3z72f:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w3z72g_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:w3z72g_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w3z72g>>-
cpe:2.3:h:hp:w3z72g:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w3z72h_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:w3z72h_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w3z72h>>-
cpe:2.3:h:hp:w3z72h:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55a_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55a>>-
cpe:2.3:h:hp:w6b55a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55b_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55b_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55b>>-
cpe:2.3:h:hp:w6b55b:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55c_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55c_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55c>>-
cpe:2.3:h:hp:w6b55c:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55d_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55d_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55d>>-
cpe:2.3:h:hp:w6b55d:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55e_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55e_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55e>>-
cpe:2.3:h:hp:w6b55e:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55f_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55f_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55f>>-
cpe:2.3:h:hp:w6b55f:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55g_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55g_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55g>>-
cpe:2.3:h:hp:w6b55g:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55h_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b55h_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b55h>>-
cpe:2.3:h:hp:w6b55h:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56a_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56a>>-
cpe:2.3:h:hp:w6b56a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56b_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56b_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56b>>-
cpe:2.3:h:hp:w6b56b:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56c_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56c_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56c>>-
cpe:2.3:h:hp:w6b56c:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56d_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56d_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56d>>-
cpe:2.3:h:hp:w6b56d:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56e_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56e_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56e>>-
cpe:2.3:h:hp:w6b56e:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56f_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56f_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56f>>-
cpe:2.3:h:hp:w6b56f:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56g_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56g_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56g>>-
cpe:2.3:h:hp:w6b56g:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56h_firmware>>Versions before jgrw_09_25_22.1(exclusive)
cpe:2.3:o:hp:w6b56h_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w6b56h>>-
cpe:2.3:h:hp:w6b56h:-:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24a_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:x9d24a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24a>>-
cpe:2.3:h:hp:x9d24a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24b_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:x9d24b_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24b>>-
cpe:2.3:h:hp:x9d24b:-:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24c_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:x9d24c_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24c>>-
cpe:2.3:h:hp:x9d24c:-:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24d_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:x9d24d_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24d>>-
cpe:2.3:h:hp:x9d24d:-:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24e_firmware>>Versions before jgr9_09_25_22.1(exclusive)
cpe:2.3:o:hp:x9d24e_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>x9d24e>>-
cpe:2.3:h:hp:x9d24e:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondaryhp-security-alert@hp.com
CWE ID: CWE-200
Type: Secondary
Source: hp-security-alert@hp.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hp.com/us-en/document/ish_12798086-12798125-16/hpsbpi04039hp-security-alert@hp.com
Vendor Advisory
Hyperlink: https://support.hp.com/us-en/document/ish_12798086-12798125-16/hpsbpi04039
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

132Records found
CVE-2016-8966
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 41.08%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8514
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 67.21%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-version_control_repository_managerVersion Control Repository Manager (VCRM)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5222
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.79% / 73.67%
||
7 Day CHG~0.00%
Published-02 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsservice_manager_web_tiern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8981
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.76%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8963
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.09%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8977
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.99%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4367
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.29% / 79.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_cmbd_foundationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4378
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 73.73%
||
7 Day CHG~0.00%
Published-26 Aug, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-xp7_command_viewxp_9000_command_viewn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2107
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-81.75% / 99.18%
||
7 Day CHG-0.96%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)openSUSERed Hat, Inc.Google LLCOpenSSLDebian GNU/LinuxHP Inc.Canonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausdebian_linuxhelion_openstackenterprise_linux_hpc_nodeleapopensuseenterprise_linux_desktopubuntu_linuxenterprise_linux_server_eusenterprise_linux_workstationopensslenterprise_linux_hpc_node_eusnode.jsandroidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6513
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-8.52% / 92.26%
||
7 Day CHG~0.00%
Published-21 Dec, 2007 | 22:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.

Action-Not Available
Vendor-n/aHP Inc.
Product-esupportdiagnosticsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-5413
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 74.33%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_configuration_managementopenview_client_configuraton_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-4514
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.86% / 74.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2009 | 10:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote attackers to obtain sensitive information from the ProCurve Manager server via unknown attack vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2026
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.24% / 84.34%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentsystems_insight_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0524
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.44% / 62.86%
||
7 Day CHG-0.21%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Action-Not Available
Vendor-windriverscon/aLinux Kernel Organization, IncNovellSilicon Graphics, Inc.IBM CorporationOracle CorporationCisco Systems, Inc.Microsoft CorporationApple Inc.HP Inc.
Product-linux_kerneltru64hp-uxbsdosaixmacossolarissco_unixioswindowsirixnetwaremac_os_xos2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1994
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.68%
||
7 Day CHG~0.00%
Published-18 Mar, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2025
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.57%
||
7 Day CHG~0.00%
Published-30 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2013
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.68%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_manager_in/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2015
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.29%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2027
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.24% / 84.34%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentsystems_insight_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4112
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.06% / 77.43%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_management_agentsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5411
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.36%
||
7 Day CHG~0.00%
Published-26 Aug, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-version_control_repository_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0777
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-80.56% / 99.12%
||
7 Day CHG+13.36%
Published-14 Jan, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Action-Not Available
Vendor-n/aOpenBSDSophos Ltd.Apple Inc.Oracle CorporationHP Inc.
Product-unified_threat_managementremote_device_access_virtual_customer_access_systemsolarisopensshunified_threat_management_softwarelinuxmac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-28638
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.55%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 20:04
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.

Action-Not Available
Vendor-n/aHP Inc.Hewlett Packard Enterprise (HPE)
Product-proliant_xl290n_gen10_plus_serverstoreeasy_1860_storageproliant_dx190r_gen10_serverapollo_n2800_gen10_plusproliant_dl345_gen10_plus_serverproliant_dx385_gen10_plus_serverstorage_performance_file_controllerproliant_xl645d_gen10_plus_serveredgeline_e920_server_bladeapollo_n2600_gen10_plusintegrated_lights-out_5_firmwareproliant_dx380_gen10_plus_serverstoreeasy_1460_storageproliant_e910_server_bladeproliant_dx380_gen10_serverproliant_dl360_gen10_serverproliant_dx560_gen10_serverapollo_r2000_chassisapollo_4200_gen10_plus_systemproliant_dl380_gen10_serverapollo_4200_gen10_serverstoreeasy_1660_performance_storagestorage_file_controllerapollo_r2600_gen10proliant_dl365_gen10_plus_serverproliant_dl360_gen10_plus_serveredgeline_e920d_server_bladeproliant_microserver_gen10_plusproliant_xl675d_gen10_plus_serverproliant_dx170r_gen10_serverproliant_dl380_gen10_plus_serverproliant_m750_server_bladeapollo_4510_gen10_systemproliant_xl170r_gen10_serverproliant_dx4200_gen10_serverproliant_xl225n_gen10_plus_1u_nodeproliant_dl580_gen10_serverstoreeasy_1660_expanded_storageproliant_xl220n_gen10_plus_serverproliant_dx385_gen10_plus_v2_serverproliant_ml30_gen10_serverintegrated_lights-out_5proliant_dl110_gen10_plus_telco_serverproliant_ml30_gen10_plus_serverproliant_dl385_gen10_plus_v2_serverproliant_dl325_gen10_serverproliant_xl450_gen10_serverapollo_2000_gen10_plus_systemproliant_dl20_gen10_serverstoreeasy_1560_storageproliant_xl270d_gen10_serverstoreeasy_1660_storageproliant_dl160_gen10_serveredgeline_e920t_server_bladeproliant_xl420_gen10_serverproliant_dx220n_gen10_plus_serverproliant_dx360_gen10_serverapollo_6500_gen10_plusproliant_dx360_gen10_plus_serverproliant_ml350_gen10_serverproliant_dl325_gen10_plus_v2_serverapollo_r2800_gen10proliant_e910t_server_bladeproliant_dl385_gen10_serverproliant_xl190r_gen10_serverproliant_bl460c_gen10_server_bladeproliant_dl325_gen10_plus_serverproliant_xl925g_gen10_plus_1u_4-node_configure-to-order_serverproliant_dl180_gen10_serverstoreeasy_1860_performance_storageproliant_dl385_gen10_plus_serverapollo_4500proliant_dl560_gen10_serverproliant_xl230k_gen10_serverproliant_dl20_gen10_plus_serverproliant_dx325_gen10_plus_v2_serverproliant_ml110_gen10_serverHPE Integrated Lights-Out 5 (iLO 5)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3956
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.10% / 27.92%
||
7 Day CHG~0.00%
Published-04 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Action-Not Available
Vendor-sendmailn/aFedora ProjectFreeBSD FoundationHP Inc.
Product-fedorafreebsdsendmailhpuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2244
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.70% / 71.90%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-a2w79ac2s12ace994acf236acz245acf082afuturesmart_firmwareca251acz258ace989ace990acd646aa2w76acz256acc522ace991acf066aa2w78ace993acf069ac2s11acz250acz257acd644ab5l07ace996acz244acz249acf068acf116acf235ace992acc524acd645ad3l08ad7p70acf367acf238ad3l09ad7p71ab3g85ab5l04aa2w77acz255ad3l10acf118ab5l05acf067acf081acf117aj7x28aa2w75acc523ace995acf083an/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-12784
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:35
Updated-13 Feb, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Action-Not Available
Vendor-HP IncHP Inc.
Product-7kw59a7kw64a_firmwarew1a63a7kw68a7kw75a_firmware7kw57a_firmwarew1a82aw1a77a7kw66aw1a30a_firmwarew1a35a_firmware7kw55a7kw66a_firmwarew1y47a_firmwarew1a76aw1a33a7kw67aw1a28a_firmware7kw49a_firmwarew1a32a_firmware7kw59a_firmwarew1a60a_firmwarew1a34aw1y47aw1a63a_firmwarew1y45a_firmwarew1a35aw1y40aw1y40a_firmwarew1a52aw1a38a7kw74aw1a80aw1y43aw1a31a7kw56a7kw57aw1a48a_firmware7kw73a_firmwarew1a57a_firmwarew1a81a_firmwarew1a79aw1a56aw1a38a_firmware7kw76a7kw58a_firmware7kw48a7kw72a_firmwarew1a58a_firmwarew1a47a7kw77a_firmware7kw72aw1a56a_firmware7kw48a_firmwarew1a66aw1a58aw1a79a_firmwarew1a51a_firmwarew1y43a_firmwarew1y44a7kw79aw1y41a_firmware7kw58aw1a77a_firmware7kw77a7kw63a_firmware7kw78a7kw65a7kw64a7kw54a_firmwarew1a53aw1y44a_firmwarew1y46a_firmwarew1a59aw1a75aw1a53a_firmwarew1a78aw1a30a7kw68a_firmware7kw51a_firmwarew1y46aw1a57a7kw65a_firmwarew1a51aw1a29aw1a47a_firmware7kw63a7kw79a_firmwarew1a48a7kw74a_firmware93m22a_firmwarew1a60aw1a46a_firmwarew1a31a_firmwarew1a46aw1a75a_firmwarew1a34a_firmwarew1y45a7kw51aw1a76a_firmware7kw76a_firmwarew1a32aw1y41aw1a82a_firmwarew1a52a_firmware93m22aw1a81aw1a33a_firmware7kw50aw1a59a_firmware7kw75a7kw56a_firmware7kw55a_firmwarew1a28aw1a80a_firmware7kw50a_firmwarew1a66a_firmwarew1a78a_firmware7kw54aw1a29a_firmware7kw49a7kw73a7kw78a_firmware7kw67a_firmwareHP LaserJet Pro MFP M428-M429 f seriesHP LaserJet Pro M304-M305 Printer seriesHP Color LaserJet Pro M453-M454 seriesHP Color LaserJet MFP M478-M479 seriesHP LaserJet Pro M404-M405 Printer seriesHP LaserJet Pro MFP M428-M429 series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-12785
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:38
Updated-13 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Action-Not Available
Vendor-HP IncHP Inc.
Product-7kw59a7kw64a_firmwarew1a63a7kw68a7kw75a_firmware7kw57a_firmwarew1a82aw1a77a7kw66aw1a30a_firmwarew1a35a_firmware7kw55a7kw66a_firmwarew1y47a_firmwarew1a76aw1a33a7kw67aw1a28a_firmware7kw49a_firmwarew1a32a_firmware7kw59a_firmwarew1a60a_firmwarew1a34aw1y47aw1a63a_firmwarew1y45a_firmwarew1a35aw1y40aw1y40a_firmwarew1a52aw1a38a7kw74aw1a80aw1y43aw1a31a7kw56a7kw57aw1a48a_firmware7kw73a_firmwarew1a57a_firmwarew1a81a_firmwarew1a79aw1a56aw1a38a_firmware7kw76a7kw58a_firmware7kw48a7kw72a_firmwarew1a58a_firmwarew1a47a7kw77a_firmware7kw72aw1a56a_firmware7kw48a_firmwarew1a66aw1a58aw1a79a_firmwarew1a51a_firmwarew1y43a_firmwarew1y44a7kw79aw1y41a_firmware7kw58aw1a77a_firmware7kw77a7kw63a_firmware7kw78a7kw65a7kw64a7kw54a_firmwarew1a53aw1y44a_firmwarew1y46a_firmwarew1a59aw1a75aw1a53a_firmwarew1a78aw1a30a7kw68a_firmware7kw51a_firmwarew1y46aw1a57a7kw65a_firmwarew1a51aw1a29aw1a47a_firmware7kw63a7kw79a_firmwarew1a48a7kw74a_firmware93m22a_firmwarew1a60aw1a46a_firmwarew1a31a_firmwarew1a46aw1a75a_firmwarew1a34a_firmwarew1y45a7kw51aw1a76a_firmware7kw76a_firmwarew1a32aw1y41aw1a82a_firmwarew1a52a_firmware93m22aw1a81aw1a33a_firmware7kw50aw1a59a_firmware7kw75a7kw56a_firmware7kw55a_firmwarew1a28aw1a80a_firmware7kw50a_firmwarew1a66a_firmwarew1a78a_firmware7kw54aw1a29a_firmware7kw49a7kw73a7kw78a_firmware7kw67a_firmwareHP LaserJet Pro MFP M428-M429 f seriesHP LaserJet Pro M304-M305 Printer seriesHP Color LaserJet Pro M453-M454 seriesHP Color LaserJet MFP M478-M479 seriesHP LaserJet Pro M404-M405 Printer seriesHP LaserJet Pro MFP M428-M429 series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-1136
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.13% / 32.05%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxmpe_ixn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-11998
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 10.30%
||
7 Day CHG+0.01%
Published-30 Oct, 2025 | 16:00
Updated-04 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP Card Readers (B Models) – Potential Information Disclosure

The following HP Card Readers B Models (X3D03B & Y7C05B) are potentially vulnerable to information disclosure, allowing prior user identity to be inherited under certain conditions —e.g., when an NFC device (such as a smartphone/smartwatches) is in proximity during a card swipe event.

Action-Not Available
Vendor-HP Inc.
Product-Card Readers B Model
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1992
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.68%
||
7 Day CHG~0.00%
Published-17 Mar, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-enterprise_security_manager_expressenterprise_security_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2023
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.75%
||
7 Day CHG~0.00%
Published-30 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-restful_interface_tooln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-22435
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.3||HIGH
EPSS-0.22% / 44.10%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 09:06
Updated-21 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HPE NonStop Web ViewPoint Enterprise software, Unauthorized access

A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop system.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-HPE NonStop Web ViewPoint Enterprise softwareweb_viewpoint_t0986
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6862
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.47% / 64.18%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-ucmdb_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2023-50271
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.59%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 14:49
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP-UX System Management Homepage, Disclosure of Information

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-system_management_homepagehp-uxHPE System Management Homepage (SMH)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-43018
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.61%
||
7 Day CHG-0.03%
Published-30 Jul, 2025 | 14:31
Updated-24 Feb, 2026 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.

Action-Not Available
Vendor-HP Inc.
Product-w1a82aw1a75aw1a78aw1a30aw1a77aw1a30a_firmwarew1a76aw1a35a_firmwarew1a33aw1a29aw1a28a_firmwarew1a32a_firmwarew1a34aw1a35aw1a75a_firmwarew1a31a_firmwarew1a34a_firmwarew1a38aw1a76a_firmwarew1a80aw1a31aw1a32aw1a81a_firmwarew1a82a_firmwarew1a79aw1a81aw1a38a_firmwarew1a33a_firmwarew1a28aw1a80a_firmwarew1a78a_firmwarew1a79a_firmwarew1a29a_firmwarew1a77a_firmwareCertain HP LaserJet Pro Printers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5430
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.69% / 71.54%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-7196
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.79%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:05
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Action-Not Available
Vendor-n/aHP Inc.
Product-ezmeral_container_platformbluedata_epicBlueData EPIC Software; HPE Ezmeral Container Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2015-6858
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.41% / 61.04%
||
7 Day CHG~0.00%
Published-05 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5443
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.83%
||
7 Day CHG~0.00%
Published-12 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-3par_service_processor_spn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5440
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.77% / 73.26%
||
7 Day CHG~0.00%
Published-16 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5403
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.89%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentsystems_insight_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2802
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.88% / 88.06%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 20:09
Updated-06 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Oracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelasset_managerwindowssitescopeasset_manager_cloudsystem_chargebackn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3269
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.89% / 86.12%
||
7 Day CHG-10.45%
Published-25 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aHP Inc.Adobe Inc.
Product-business_service_managementlivecycle_data_servicesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2136
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.14% / 34.02%
||
7 Day CHG~0.00%
Published-16 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_loggern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2108
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.77%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2139
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.89%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentsystems_insight_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2121
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-1.11% / 77.97%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_virtualizationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-43927
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.89%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:51
Updated-18 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

Action-Not Available
Vendor-IBM CorporationHP Inc.Microsoft CorporationOracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-7883
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-57.74% / 98.14%
||
7 Day CHG~0.00%
Published-15 Feb, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4669
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.35% / 57.07%
||
7 Day CHG~0.00%
Published-28 Jun, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aHP Inc.
Product-enterprise_mapsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found