Vendor CVEs
HPE
All CVEs
585 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5689 | Cri | 0.86 | 9.8 | 0.92 | KEV | May 2, 2017 | An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged… | |
| CVE-2017-12542 | Cri | 0.76 | 10.0 | 0.99 | Feb 15, 2018 | A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. | ||
| CVE-2017-5816 | Cri | 0.74 | 9.8 | 0.86 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2016-2004 | Cri | 0.74 | 9.8 | 0.94 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623. | ||
| CVE-2017-5817 | Cri | 0.73 | 9.8 | 0.83 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-12557 | Cri | 0.73 | 9.8 | 0.80 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | ||
| CVE-2017-5815 | Cri | 0.69 | 9.8 | 0.34 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5792 | Cri | 0.69 | 9.8 | 0.35 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | ||
| CVE-2017-5791 | Cri | 0.69 | 9.8 | 0.69 | Oct 11, 2017 | The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | ||
| CVE-2017-12558 | Cri | 0.67 | 9.8 | 0.38 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | ||
| CVE-2017-12556 | Cri | 0.67 | 9.8 | 0.38 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found. | ||
| CVE-2017-5806 | Cri | 0.66 | 9.8 | 0.23 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||
| CVE-2017-5805 | Cri | 0.66 | 9.8 | 0.23 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||
| CVE-2017-5804 | Cri | 0.66 | 9.8 | 0.23 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | ||
| CVE-2017-12561 | Cri | 0.66 | 9.8 | 0.31 | Feb 15, 2018 | A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found. | ||
| CVE-2016-8519 | Cri | 0.66 | 9.8 | 0.28 | Feb 15, 2018 | A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. | ||
| CVE-2016-1985 | Cri | 0.66 | 10.0 | 0.07 | Jan 30, 2016 | HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||
| CVE-2018-7074 | Cri | 0.65 | 9.8 | 0.17 | Aug 6, 2018 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version. | ||
| CVE-2016-4391 | Cri | 0.65 | 9.8 | 0.20 | Aug 6, 2018 | A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | ||
| CVE-2017-5823 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5821 | Cri | 0.65 | 9.8 | 0.17 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5820 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5819 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | ||
| CVE-2017-5807 | Cri | 0.65 | 9.8 | 0.22 | Feb 15, 2018 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | ||
| CVE-2017-5790 | Cri | 0.65 | 9.8 | 0.18 | Feb 15, 2018 | A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | ||
| CVE-2016-8511 | Cri | 0.65 | 9.8 | 0.16 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. | ||
| CVE-2017-5789 | Cri | 0.65 | 9.8 | 0.18 | Oct 11, 2017 | HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | ||
| CVE-2016-8205 | Cri | 0.65 | 9.8 | 0.13 | Jan 14, 2017 | A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | ||
| CVE-2016-4359 | Cri | 0.65 | 9.8 | 0.16 | Jun 8, 2016 | Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch… | ||
| CVE-2016-2007 | Cri | 0.65 | 9.8 | 0.20 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | ||
| CVE-2016-2006 | Cri | 0.65 | 9.8 | 0.20 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. | ||
| CVE-2016-2005 | Cri | 0.65 | 9.8 | 0.20 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. | ||
| CVE-2016-1995 | Cri | 0.65 | 9.8 | 0.10 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2016-1989 | Cri | 0.65 | 9.8 | 0.11 | Mar 15, 2016 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988. | ||
| CVE-2016-1988 | Cri | 0.65 | 9.8 | 0.11 | Mar 15, 2016 | HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989. | ||
| CVE-2025-37103 | Cri | 0.64 | 9.8 | 0.01 | Jul 8, 2025 | Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system. | ||
| CVE-2025-37087 | Cri | 0.64 | 9.8 | 0.00 | Apr 22, 2025 | A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host. | ||
| CVE-2024-13804 | Cri | 0.64 | 9.8 | 0.00 | Mar 30, 2025 | Unauthenticated RCE in HPE Insight Cluster Management Utility | ||
| CVE-2024-42509 | Cri | 0.64 | 9.8 | 0.02 | Nov 5, 2024 | Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability… | ||
| CVE-2024-42506 | Cri | 0.64 | 9.8 | 0.01 | Sep 25, 2024 | Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these… | ||
| CVE-2018-7104 | Cri | 0.64 | 9.8 | 0.09 | Sep 27, 2018 | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | ||
| CVE-2018-7103 | Cri | 0.64 | 9.8 | 0.09 | Sep 27, 2018 | A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | ||
| CVE-2018-7096 | Cri | 0.64 | 9.8 | 0.03 | Aug 14, 2018 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. | ||
| CVE-2018-7095 | Cri | 0.64 | 9.8 | 0.02 | Aug 14, 2018 | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. | ||
| CVE-2018-7072 | Cri | 0.64 | 9.8 | 0.03 | Aug 6, 2018 | A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | ||
| CVE-2017-5814 | Cri | 0.64 | 9.8 | 0.09 | Feb 15, 2018 | A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||
| CVE-2017-5810 | Cri | 0.64 | 9.8 | 0.05 | Feb 15, 2018 | A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. | ||
| CVE-2017-5802 | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2018 | A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found. | ||
| CVE-2016-8512 | Cri | 0.64 | 9.8 | 0.06 | Feb 15, 2018 | A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. | ||
| CVE-2017-14351 | Cri | 0.64 | 9.8 | 0.04 | Sep 30, 2017 | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. |
- risk 0.86cvss 9.8epss 0.92
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged…
- risk 0.76cvss 10.0epss 0.99
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
- risk 0.74cvss 9.8epss 0.86
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.74cvss 9.8epss 0.94
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
- risk 0.73cvss 9.8epss 0.83
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.73cvss 9.8epss 0.80
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
- risk 0.69cvss 9.8epss 0.34
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.69cvss 9.8epss 0.35
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
- risk 0.69cvss 9.8epss 0.69
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
- risk 0.67cvss 9.8epss 0.38
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
- risk 0.67cvss 9.8epss 0.38
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
- risk 0.66cvss 9.8epss 0.23
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.66cvss 9.8epss 0.23
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.66cvss 9.8epss 0.23
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.66cvss 9.8epss 0.31
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
- risk 0.66cvss 9.8epss 0.28
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.
- risk 0.66cvss 10.0epss 0.07
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
- risk 0.65cvss 9.8epss 0.17
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version.
- risk 0.65cvss 9.8epss 0.20
A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.65cvss 9.8epss 0.17
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.65cvss 9.8epss 0.22
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
- risk 0.65cvss 9.8epss 0.18
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
- risk 0.65cvss 9.8epss 0.16
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.
- risk 0.65cvss 9.8epss 0.18
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
- risk 0.65cvss 9.8epss 0.13
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
- risk 0.65cvss 9.8epss 0.16
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch…
- risk 0.65cvss 9.8epss 0.20
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
- risk 0.65cvss 9.8epss 0.20
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
- risk 0.65cvss 9.8epss 0.20
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
- risk 0.65cvss 9.8epss 0.10
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.65cvss 9.8epss 0.11
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.
- risk 0.65cvss 9.8epss 0.11
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.
- risk 0.64cvss 9.8epss 0.01
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.
- risk 0.64cvss 9.8epss 0.00
A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated RCE in HPE Insight Cluster Management Utility
- risk 0.64cvss 9.8epss 0.02
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability…
- risk 0.64cvss 9.8epss 0.01
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these…
- risk 0.64cvss 9.8epss 0.09
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
- risk 0.64cvss 9.8epss 0.09
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
- risk 0.64cvss 9.8epss 0.03
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.
- risk 0.64cvss 9.8epss 0.02
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.
- risk 0.64cvss 9.8epss 0.03
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
- risk 0.64cvss 9.8epss 0.09
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- risk 0.64cvss 9.8epss 0.05
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
- risk 0.64cvss 9.8epss 0.02
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
- risk 0.64cvss 9.8epss 0.06
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
- risk 0.64cvss 9.8epss 0.04
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
Page 1 of 12