Network Automation Software
by HPE
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1989 | Cri | 0.65 | 9.8 | 0.14 | Mar 15, 2016 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988. | ||
| CVE-2016-1988 | Cri | 0.65 | 9.8 | 0.14 | Mar 15, 2016 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989. | ||
| CVE-2016-4386 | Hig | 0.51 | 7.8 | 0.00 | Sep 29, 2016 | HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. | ||
| CVE-2016-4385 | Hig | 0.48 | 7.3 | 0.04 | Sep 29, 2016 | The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils… | ||
| CVE-2011-2403 | 0.03 | — | 0.01 | Aug 1, 2011 | SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-5814 | 0.02 | — | 0.24 | Feb 15, 2018 | A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||
| CVE-2017-5811 | 0.01 | — | 0.14 | Feb 15, 2018 | A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||
| CVE-2016-8511 | 0.01 | — | 0.18 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | |||
| CVE-2017-5810 | 0.01 | — | 0.12 | Feb 15, 2018 | A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||
| CVE-2019-3493 | 0.00 | — | 0.01 | Apr 29, 2019 | A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be… | |||
| CVE-2018-6493 | 0.00 | — | 0.00 | May 22, 2018 | SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | |||
| CVE-2017-5812 | 0.00 | — | 0.06 | Feb 15, 2018 | A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||
| CVE-2017-5813 | 0.00 | — | 0.00 | Feb 15, 2018 | A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | |||
| CVE-2014-2646 | 0.00 | — | 0.00 | Oct 10, 2014 | Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. | |||
| CVE-2011-4790 | 0.00 | — | 0.04 | Feb 2, 2012 | Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2011-2402 | 0.00 | — | 0.01 | Aug 1, 2011 | Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1725 | 0.00 | — | 0.01 | Apr 27, 2011 | Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors. |
- risk 0.65cvss 9.8epss 0.14
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
- risk 0.65cvss 9.8epss 0.14
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
- risk 0.51cvss 7.8epss 0.00
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.
- risk 0.48cvss 7.3epss 0.04
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils…
- CVE-2011-2403Aug 1, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- CVE-2017-5814Feb 15, 2018risk 0.02cvss —epss 0.24
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- CVE-2017-5811Feb 15, 2018risk 0.01cvss —epss 0.14
A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- CVE-2016-8511Feb 15, 2018risk 0.01cvss —epss 0.18
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.
- CVE-2017-5810Feb 15, 2018risk 0.01cvss —epss 0.12
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- CVE-2019-3493Apr 29, 2019risk 0.00cvss —epss 0.01
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be…
- CVE-2018-6493May 22, 2018risk 0.00cvss —epss 0.00
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.
- CVE-2017-5812Feb 15, 2018risk 0.00cvss —epss 0.06
A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- CVE-2017-5813Feb 15, 2018risk 0.00cvss —epss 0.00
A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- CVE-2014-2646Oct 10, 2014risk 0.00cvss —epss 0.00
Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.
- CVE-2011-4790Feb 2, 2012risk 0.00cvss —epss 0.04
Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2011-2402Aug 1, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1725Apr 27, 2011risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.