Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-43018

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-30 Jul, 2025 | 14:31
Updated At-30 Jul, 2025 | 14:45
Rejected At-
Credits

Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:30 Jul, 2025 | 14:31
Updated At:30 Jul, 2025 | 14:45
Rejected At:
▼CVE Numbering Authority (CNA)
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.

Affected Products
Vendor
HP Inc.HP, Inc.
Product
Certain HP LaserJet Pro Printers
Default Status
unaffected
Versions
Affected
  • See HP security bulletin reference for affected versions
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hp.com/us-en/document/ish_12807011-12807034-16/hpsbpi04040
N/A
Hyperlink: https://support.hp.com/us-en/document/ish_12807011-12807034-16/hpsbpi04040
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:30 Jul, 2025 | 15:15
Updated At:24 Feb, 2026 | 14:37

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
HP Inc.
hp
>>w1a75a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a75a>>-
cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a76a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a76a>>-
cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a77a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a77a>>-
cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a81a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a81a>>-
cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a82a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a82a>>-
cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a79a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a79a>>-
cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a80a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a80a>>-
cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a78a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a78a>>-
cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a29a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a29a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a29a>>-
cpe:2.3:h:hp:w1a29a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a32a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a32a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a32a>>-
cpe:2.3:h:hp:w1a32a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a30a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a30a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a30a>>-
cpe:2.3:h:hp:w1a30a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a38a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a38a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a38a>>-
cpe:2.3:h:hp:w1a38a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a34a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a34a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a34a>>-
cpe:2.3:h:hp:w1a34a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a35a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a35a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a35a>>-
cpe:2.3:h:hp:w1a35a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a28a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a28a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a28a>>-
cpe:2.3:h:hp:w1a28a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a31a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a31a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a31a>>-
cpe:2.3:h:hp:w1a31a:-:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a33a_firmware>>Versions before 002.2508a(exclusive)
cpe:2.3:o:hp:w1a33a_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>w1a33a>>-
cpe:2.3:h:hp:w1a33a:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondaryhp-security-alert@hp.com
CWE ID: CWE-200
Type: Secondary
Source: hp-security-alert@hp.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hp.com/us-en/document/ish_12807011-12807034-16/hpsbpi04040hp-security-alert@hp.com
Vendor Advisory
Hyperlink: https://support.hp.com/us-en/document/ish_12807011-12807034-16/hpsbpi04040
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1055Records found
CVE-2026-1997
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:54
Updated-12 Feb, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP OfficeJet Pro Printers - Information Disclosure

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

Action-Not Available
Vendor-HP IncHP Inc.
Product-d9l63a_firmwarek7s39a_firmwarey0s19a_firmwarek7s40aj6x83a_firmwared9l18ak7s41a_firmwarej6x81a_firmwarek7s32a_firmwared9l18a_firmwaret0g70a_firmwarej3p68aj6x78ad9l63am9l67a_firmwarel3t99a_firmwarek7s32at0g46a_firmwarek7s40a_firmwaret0g70ak7s37a_firmwarem9l66a_firmwarel3t99ad9l20a_firmwareg5j38a_firmwarej3p67at0g47a_firmwarek7s42a_firmwarey0s19at0g47at1p99ak7s38at0g49aj3p65a_firmwarey0s18a_firmwaret0g48aj3p66a_firmwarem9l65a_firmwareg5j56a_firmwareg5j56at0g65a_firmwared9l20ad9l21ak7s43ag5j38ad9l64a_firmwarem9l70ak7s41ak7s43a_firmwarej3p68a_firmwarek7s38a_firmwaret0g46aj6x76aj6x81aj6x80a_firmwarej6x80am9l65aj6x77ad9l21a_firmwarej6x83aj6x79aj6x76a_firmwared9l64am9l70a_firmwarek7s42aj6x78a_firmwaret0g49a_firmwarej3p67a_firmwarem9l67at0g56aj6x79a_firmwaret0g56a_firmwaret1p99a_firmwarek7s39at0g65aj3p66ay0s18aj6x77a_firmwarej3p65am9l66ak7s37at0g48a_firmwareHP OfficeJet Pro 7720 Wide Format All-in-One Printer seriesHP OfficeJet Pro 7740 Wide Format All-in-One Printer seriesHP OfficeJet Pro 8730 Mono Printer seriesHP OfficeJet Pro 8740 All-in-One Printer seriesHP OfficeJet Pro 8730 All-in-One PrinterHP OfficeJet Pro 8710 All-in-One Printer seriesHP OfficeJet Pro 7730 Wide Format All-in-One PrinterHP OfficeJet Pro 8210 Printer series
CWE ID-CWE-346
Origin Validation Error
CVE-2020-7202
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 65.21%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 14:08
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_bl460c_gen8_server_bladeproliant_dl580_gen10_serverproliant_ml350e_gen8_serverproliant_dl560_gen10_serverproliant_xl220a_gen8_v2_serverproliant_dl180_gen9_serverproliant_ml350p_gen8_serverproliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl360p_gen8_serverproliant_dl580_gen9_serverproliant_dl80_gen9_serverproliant_xl190r_gen9_serverproliant_dl560_gen9_serverproliant_ml310e_gen8_v2_serverproliant_xl740f_gen9_serverapollo_4200_gen10_serverproliant_dl385p_gen8_\(amd\)proliant_dl360_gen9_serverproliant_sl270s_gen8_serverproliant_ml30_gen9_serverproliant_dl380p_gen8_serverproliant_dl20_gen10_serverproliant_dl560_gen8_serverproliant_bl465c_gen8_server_bladeproliant_bl460c_gen9_server_bladeproliant_xl250a_gen9_serverapollo_4510_systemproliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_bl660c_gen9_serverproliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl450_gen10_serverproliant_ml310e_gen8_serverproliant_xl230k_gen10_serverproliant_ml110_gen10_serverproliant_dl60_gen9_serverproliant_dl580_gen8_serverproliant_dl325_gen10_serverproliant_dl320e_gen8_v2_serverproliant_xl230a_gen9_serverproliant_sl4540_gen8_3_node_serversynergy_660_gen10_compute_moduleproliant_dl160_gen9_serverproliant_dl320e_gen8_serverconvergedsystem_cs700xproliant_sl250s_gen8_serverproliant_sl230s_gen8_serverproliant_dl380_gen10_serverproliant_sl270s_gen8_se_serverproliant_xl190r_gen10_serverproliant_xl170r_gen9_serverproliant_microserver_gen8proliant_dl120_gen9_serverintegrated_lights-out_5convergedsystem_cs700proliant_dl360e_gen8_serverproliant_xl730f_gen9_serverproliant_ml350_gen9_serverproliant_xl750f_gen9_serverproliant_dl160_gen8_serverproliant_dl380e_gen8_serverproliant_dl385_gen10_serverproliant_xl270d_gen10_serverproliant_ws460c_gen9_graphics_server_bladeproliant_bl460c_gen10_server_bladeproliant_dl380_gen9_serversynergy_480_gen10_compute_moduleproliant_dl120_gen10_serverproliant_ml110_gen9_serverproliant_xl450_gen9_serversynergy_480_gen9_compute_moduleproliant_ml30_gen10_serverapollo_4200_gen9_serverproliant_bl420c_gen8_serverproliant_bl660c_gen8_server_bladeproliant_ml350e_gen8_v2_serverproliant_dl160_gen10_serverproliant_dl180_gen10_serverapollo_r2000_chassisproliant_ws460c_gen8_graphics_server_bladeproliant_sl210t_gen8_serverHPE ProLiant Servers, Apollo Products, Converged Systems, and Synergy Compute Modules with Integrated Lights-Out 5 (iLO 5), or Integrated Lights-Out 4 (iLO 4)
CVE-2020-4761
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.10%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 15:10
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2022-22473
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.16% / 37.15%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CVE-2021-39086
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.76%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 18:45
Updated-16 Sep, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarissterling_file_gatewaylinux_kernelhp-uxwindowsaixSterling File Gateway
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2016-2027
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.67% / 82.50%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managermatrix_operating_environmentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2013
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.16%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_manager_in/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1994
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.16%
||
7 Day CHG~0.00%
Published-18 Mar, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2015
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.13% / 31.72%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2026
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.67% / 82.50%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managermatrix_operating_environmentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2023
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.53%
||
7 Day CHG~0.00%
Published-30 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-restful_interface_tooln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2107
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-79.96% / 99.13%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCOpenSSLRed Hat, Inc.HP Inc.Debian GNU/LinuxNode.js (OpenJS Foundation)
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationhelion_openstacknode.jsenterprise_linux_desktopopensuseleapenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_hpc_nodeopensslandroidenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1992
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.16%
||
7 Day CHG~0.00%
Published-17 Mar, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-enterprise_security_manager_expressenterprise_security_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2025
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 71.31%
||
7 Day CHG~0.00%
Published-30 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2244
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.70% / 72.57%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-b5l05ab3g85aa2w78acf236acd645aa2w76ace995ab5l04ad3l08acc522aa2w77ad7p70aj7x28acz245ac2s12ace994aca251ace991acf082acd646acf069acz256acz258ad3l09ad3l10acf367aa2w79acz244ac2s11acz255acf118ad7p71acf068afuturesmart_firmwarecf117acc524ace990acf238acf081ace992ace993acd644acf067acz257acz250acf066acf083ab5l07ace996acz249acc523acf116acf235aa2w75ace989an/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4560
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 62.72%
||
7 Day CHG~0.00%
Published-08 Feb, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5430
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.69% / 72.24%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-matrix_operating_environmentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0777
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-77.40% / 99.00%
||
7 Day CHG+5.74%
Published-14 Jan, 2016 | 00:00
Updated-29 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Action-Not Available
Vendor-n/aOracle CorporationHP Inc.Sophos Ltd.OpenBSDApple Inc.
Product-mac_os_xunified_threat_management_softwarelinuxunified_threat_managementsolarisopensshremote_device_access_virtual_customer_access_systemn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6858
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.41% / 61.77%
||
7 Day CHG~0.00%
Published-05 Jan, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6862
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.47% / 64.90%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-ucmdb_browsern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2015-5440
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 36.00%
||
7 Day CHG~0.00%
Published-16 Sep, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5443
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.96%
||
7 Day CHG~0.00%
Published-12 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-3par_service_processor_spn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5411
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 50.85%
||
7 Day CHG~0.00%
Published-26 Aug, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-version_control_repository_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5403
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 44.02%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managermatrix_operating_environmentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2121
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-1.11% / 78.58%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_virtualizationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2139
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 44.02%
||
7 Day CHG~0.00%
Published-27 Aug, 2015 | 01:50
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.

Action-Not Available
Vendor-n/aHP Inc.
Product-systems_insight_managermatrix_operating_environmentn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2108
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.62%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_orchestrationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2802
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.88% / 88.51%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 20:09
Updated-06 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Oracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelasset_managerwindowssitescopeasset_manager_cloudsystem_chargebackn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-7196
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.51%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 15:05
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Action-Not Available
Vendor-n/aHP Inc.
Product-ezmeral_container_platformbluedata_epicBlueData EPIC Software; HPE Ezmeral Container Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2010-3284
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 67.05%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7883
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-57.74% / 98.21%
||
7 Day CHG~0.00%
Published-15 Feb, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-3508
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6||MEDIUM
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 15:58
Updated-24 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP DesignJet products – Information disclosure

Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.

Action-Not Available
Vendor-HP Inc.
Product-w6b55gw6b56e_firmwaret8w18cw3z72aw3z72ew3z72f_firmwaret8w15fw3z71d_firmwarew6b56d_firmware1vd85a_firmwaret8w18gt8w18f_firmwarew3z71c_firmwarex9d24ht8w15gw6b55a_firmwaret8w18d_firmwaret8w16b_firmware1vd87fx9d24bw3z72bx9d24c1vd88ft8w16ew6b55h_firmwaret8w15bw6b55b1vd84a_firmwarew6b55ew6b55at8w15ew6b55c_firmwarew3z71cx9d24f_firmwaret8w18b_firmwarex9d24ew3z71a_firmwarew6b55hw6b55g_firmware1vd88b1vd88f_firmwarew3z72c_firmwarew3z71b_firmwarew6b55fw6b56b_firmwaret8w16h_firmwarew3z72g_firmwarew6b56g1vd87aw6b56b1vd88b_firmwaret8w16b1vd86a_firmwarew3z72gt8w18fw3z71f_firmwaret8w15aw3z71e_firmware1vd84aw6b56fw6b55b_firmwarew6b56f_firmwaret8w18et8w18e_firmwaret8w15e_firmwarew6b56at8w15g_firmware1vd88a_firmwarew3z72h_firmwaret8w18h_firmwaret8w16gw6b56h_firmwarew3z71dx9d24g_firmwaret8w16c_firmwaret8w15c_firmware1vd87f_firmwaret8w18b1vd83at8w16aw3z71g_firmwarew3z71hw6b56g_firmwarew3z72b_firmware1vd87a_firmwarex9d24h_firmwarew3z72dt8w15d_firmwarew6b55d_firmwarex9d24e_firmwarew3z71ft8w15cw6b56c_firmwarew3z72d_firmwaret8w18ht8w16dw3z72fw3z71bx9d24c_firmwarew6b56dw3z71ax9d24b_firmwarex9d24ft8w16fw3z71gt8w16f_firmwarew6b55ct8w16e_firmwaret8w16g_firmwarex9d24gt8w18dt8w15hx9d24aw6b56h1vd85ax9d24dt8w16d_firmwaret8w16ht8w15b_firmwarew6b55dt8w16a_firmwarew3z72e_firmwaret8w16ct8w18a_firmwarew3z72ct8w18a1vd88aw3z71et8w15h_firmwarew3z72a_firmwarew6b56et8w15a_firmwarex9d24a_firmware1vd86aw6b55f_firmwarex9d24d_firmwarew3z71h_firmware1vd83a_firmwaret8w15dt8w18g_firmwaret8w15f_firmwarew6b56a_firmwaret8w18c_firmwarew6b55e_firmwarew3z72hw6b56cCertain HP DesignJet products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8525
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-6.51% / 91.32%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centeriMC PLAT
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4669
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.35% / 57.75%
||
7 Day CHG~0.00%
Published-28 Jun, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aHP Inc.
Product-enterprise_mapsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3956
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-1.9||LOW
EPSS-0.08% / 23.73%
||
7 Day CHG~0.00%
Published-04 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Action-Not Available
Vendor-sendmailn/aFreeBSD FoundationHP Inc.Fedora Project
Product-hpuxsendmailfreebsdfedoran/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-50271
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.74%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 14:49
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP-UX System Management Homepage, Disclosure of Information

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-system_management_homepagehp-uxHPE System Management Homepage (SMH)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-12785
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 10.21%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:38
Updated-13 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Action-Not Available
Vendor-HP IncHP Inc.
Product-7kw59a7kw64a_firmwarew1a63a7kw68a7kw75a_firmware7kw57a_firmwarew1a82aw1a77a7kw66aw1a30a_firmwarew1a35a_firmware7kw55a7kw66a_firmwarew1y47a_firmwarew1a76aw1a33a7kw67aw1a28a_firmware7kw49a_firmwarew1a32a_firmware7kw59a_firmwarew1a60a_firmwarew1a34aw1y47aw1a63a_firmwarew1y45a_firmwarew1a35aw1y40aw1y40a_firmwarew1a52aw1a38a7kw74aw1a80aw1y43aw1a31a7kw56a7kw57aw1a48a_firmware7kw73a_firmwarew1a57a_firmwarew1a81a_firmwarew1a79aw1a56aw1a38a_firmware7kw76a7kw58a_firmware7kw48a7kw72a_firmwarew1a58a_firmwarew1a47a7kw77a_firmware7kw72aw1a56a_firmware7kw48a_firmwarew1a66aw1a58aw1a79a_firmwarew1a51a_firmwarew1y43a_firmwarew1y44a7kw79aw1y41a_firmware7kw58aw1a77a_firmware7kw77a7kw63a_firmware7kw78a7kw65a7kw64a7kw54a_firmwarew1a53aw1y44a_firmwarew1y46a_firmwarew1a59aw1a75aw1a53a_firmwarew1a78aw1a30a7kw68a_firmware7kw51a_firmwarew1y46aw1a57a7kw65a_firmwarew1a51aw1a29aw1a47a_firmware7kw63a7kw79a_firmwarew1a48a7kw74a_firmware93m22a_firmwarew1a60aw1a46a_firmwarew1a31a_firmwarew1a46aw1a75a_firmwarew1a34a_firmwarew1y45a7kw51aw1a76a_firmware7kw76a_firmwarew1a32aw1y41aw1a82a_firmwarew1a52a_firmware93m22aw1a81aw1a33a_firmware7kw50aw1a59a_firmware7kw75a7kw56a_firmware7kw55a_firmwarew1a28aw1a80a_firmware7kw50a_firmwarew1a66a_firmwarew1a78a_firmware7kw54aw1a29a_firmware7kw49a7kw73a7kw78a_firmware7kw67a_firmwareHP LaserJet Pro MFP M428-M429 f seriesHP LaserJet Pro M304-M305 Printer seriesHP Color LaserJet Pro M453-M454 seriesHP Color LaserJet MFP M478-M479 seriesHP LaserJet Pro M404-M405 Printer seriesHP LaserJet Pro MFP M428-M429 series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-12784
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 10.21%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:35
Updated-13 Feb, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Action-Not Available
Vendor-HP IncHP Inc.
Product-7kw59a7kw64a_firmwarew1a63a7kw68a7kw75a_firmware7kw57a_firmwarew1a82aw1a77a7kw66aw1a30a_firmwarew1a35a_firmware7kw55a7kw66a_firmwarew1y47a_firmwarew1a76aw1a33a7kw67aw1a28a_firmware7kw49a_firmwarew1a32a_firmware7kw59a_firmwarew1a60a_firmwarew1a34aw1y47aw1a63a_firmwarew1y45a_firmwarew1a35aw1y40aw1y40a_firmwarew1a52aw1a38a7kw74aw1a80aw1y43aw1a31a7kw56a7kw57aw1a48a_firmware7kw73a_firmwarew1a57a_firmwarew1a81a_firmwarew1a79aw1a56aw1a38a_firmware7kw76a7kw58a_firmware7kw48a7kw72a_firmwarew1a58a_firmwarew1a47a7kw77a_firmware7kw72aw1a56a_firmware7kw48a_firmwarew1a66aw1a58aw1a79a_firmwarew1a51a_firmwarew1y43a_firmwarew1y44a7kw79aw1y41a_firmware7kw58aw1a77a_firmware7kw77a7kw63a_firmware7kw78a7kw65a7kw64a7kw54a_firmwarew1a53aw1y44a_firmwarew1y46a_firmwarew1a59aw1a75aw1a53a_firmwarew1a78aw1a30a7kw68a_firmware7kw51a_firmwarew1y46aw1a57a7kw65a_firmwarew1a51aw1a29aw1a47a_firmware7kw63a7kw79a_firmwarew1a48a7kw74a_firmware93m22a_firmwarew1a60aw1a46a_firmwarew1a31a_firmwarew1a46aw1a75a_firmwarew1a34a_firmwarew1y45a7kw51aw1a76a_firmware7kw76a_firmwarew1a32aw1y41aw1a82a_firmwarew1a52a_firmware93m22aw1a81aw1a33a_firmware7kw50aw1a59a_firmware7kw75a7kw56a_firmware7kw55a_firmwarew1a28aw1a80a_firmware7kw50a_firmwarew1a66a_firmwarew1a78a_firmware7kw54aw1a29a_firmware7kw49a7kw73a7kw78a_firmware7kw67a_firmwareHP LaserJet Pro MFP M428-M429 f seriesHP LaserJet Pro M304-M305 Printer seriesHP Color LaserJet Pro M453-M454 seriesHP Color LaserJet MFP M478-M479 seriesHP LaserJet Pro M404-M405 Printer seriesHP LaserJet Pro MFP M428-M429 series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4826
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-77.23% / 99.00%
||
7 Day CHG~0.00%
Published-13 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

Action-Not Available
Vendor-n/aHP Inc.
Product-imc_service_operation_management_software_moduleintelligent_management_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4832
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.21% / 43.96%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4829
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-1.5||LOW
EPSS-0.06% / 17.78%
||
7 Day CHG~0.00%
Published-04 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-color_laserjet_cm4540flaserjet_enterprise_color_flow_m575ccolor_laserjet_m775zlaserjet_m4555laserjet_m725zlaserjet_m725dnlaserjet_m725z\+color_laserjet_m775z\+laserjet_m4555fcolor_laserjet_m775dncolor_laserjet_cm4540color_laserjet_m575dnlaserjet_m525flaserjet_m725flaserjet_m525dncolor_laserjet_m775flaserjet_flow_m525claserjet_m4555hscanjet_enterprise_8500fn1laserjet_m4555fskmcolor_laserjet_m575fcolor_laserjet_cm4540fskmn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2322
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.97%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue.

Action-Not Available
Vendor-n/aHP Inc.
Product-nonstop_sql\/mxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5222
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.64% / 70.88%
||
7 Day CHG~0.00%
Published-02 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-service_manager_web_tierwindowsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3249
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-0.24% / 47.07%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-fortify_software_security_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-7130
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-4.25% / 89.04%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 20:21
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneview_global_dashboardHPE OneView Global Dashboard
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38729
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 26.73%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 12:27
Updated-31 Jan, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 information disclosure

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-hp-uxwindowssolarisaixlinux_on_ibm_zlinux_kerneldb2Db2 for Linux, UNIX and Windowsdb2_connect_serverdb2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-6331
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 28.89%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 18:28
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.

Action-Not Available
Vendor-n/aHP Inc.
Product-samsung_mobile_printSamsung Mobile Print (Android)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-1994
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.62% / 70.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 15:31
Updated-06 Aug, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information

Action-Not Available
Vendor-HPHP Inc.
Product-systems_insight_managerHP Systems Insight Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-33848
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.28% / 51.51%
||
7 Day CHG+0.20%
Published-07 Jun, 2023 | 20:13
Updated-06 Jan, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104.

Action-Not Available
Vendor-HP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelcics_txhp-uxaixCICS TX AdvancedCICS TX StandardTXSeries for Multiplatforms
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0130
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-1.18% / 79.15%
||
7 Day CHG~0.00%
Published-04 Apr, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-onboard_administratorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found