Sitescope
by Microfocus
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14349 | Cri | 0.64 | 9.8 | 0.03 | Sep 30, 2017 | An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | ||
| CVE-2013-4835 | 0.09 | — | 0.71 | Nov 4, 2013 | The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765. | |||
| CVE-2013-2367 | 0.09 | — | 0.69 | Jul 31, 2013 | Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678. | |||
| CVE-2012-3261 | 0.06 | — | 0.38 | Sep 25, 2012 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463. | |||
| CVE-2012-3260 | 0.06 | — | 0.38 | Sep 25, 2012 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462. | |||
| CVE-2012-3259 | 0.05 | — | 0.60 | Sep 25, 2012 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461. | |||
| CVE-2012-3263 | 0.01 | — | 0.09 | Sep 25, 2012 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465. | |||
| CVE-2012-3262 | 0.01 | — | 0.09 | Sep 25, 2012 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464. | |||
| CVE-2021-22519 | 0.00 | — | 0.02 | May 28, 2021 | Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vulnerability could allow… | |||
| CVE-2015-2802 | 0.00 | — | 0.06 | Feb 4, 2020 | An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive… | |||
| CVE-2015-2120 | 0.00 | — | 0.03 | May 25, 2015 | Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. | |||
| CVE-2014-7882 | 0.00 | — | 0.02 | Feb 2, 2015 | Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-2614 | 0.00 | — | 0.05 | Jul 7, 2014 | Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. | |||
| CVE-2013-6207 | 0.00 | — | 0.03 | Mar 11, 2014 | Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084. | |||
| CVE-2012-3264 | 0.00 | — | 0.06 | Sep 25, 2012 | Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472. | |||
| CVE-2011-2401 | 0.00 | — | 0.04 | Jul 29, 2011 | Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2011-2400 | 0.00 | — | 0.03 | Jul 29, 2011 | Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1727 | 0.00 | — | 0.02 | May 3, 2011 | Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue. | |||
| CVE-2011-1726 | 0.00 | — | 0.03 | May 3, 2011 | Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-4350 | 0.00 | — | 0.02 | Oct 21, 2008 | Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message. |
- risk 0.64cvss 9.8epss 0.03
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
- CVE-2013-4835Nov 4, 2013risk 0.09cvss —epss 0.71
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
- CVE-2013-2367Jul 31, 2013risk 0.09cvss —epss 0.69
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
- CVE-2012-3261Sep 25, 2012risk 0.06cvss —epss 0.38
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.
- CVE-2012-3260Sep 25, 2012risk 0.06cvss —epss 0.38
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.
- CVE-2012-3259Sep 25, 2012risk 0.05cvss —epss 0.60
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1461.
- CVE-2012-3263Sep 25, 2012risk 0.01cvss —epss 0.09
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1465.
- CVE-2012-3262Sep 25, 2012risk 0.01cvss —epss 0.09
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464.
- CVE-2021-22519May 28, 2021risk 0.00cvss —epss 0.02
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vulnerability could allow…
- CVE-2015-2802Feb 4, 2020risk 0.00cvss —epss 0.06
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive…
- CVE-2015-2120May 25, 2015risk 0.00cvss —epss 0.03
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567.
- CVE-2014-7882Feb 2, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors.
- CVE-2014-2614Jul 7, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.
- CVE-2013-6207Mar 11, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.
- CVE-2012-3264Sep 25, 2012risk 0.00cvss —epss 0.06
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1472.
- CVE-2011-2401Jul 29, 2011risk 0.00cvss —epss 0.04
Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.
- CVE-2011-2400Jul 29, 2011risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1727May 3, 2011risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.
- CVE-2011-1726May 3, 2011risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-4350Oct 21, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.
Page 1 of 2