Vendor CVEs
HPE
All CVEs
585 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24624 | 0.00 | — | 0.02 | Sep 23, 2020 | Unauthenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||
| CVE-2020-24623 | 0.00 | — | 0.01 | Sep 18, 2020 | A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft… | |||
| CVE-2020-7205 | 0.00 | — | 0.00 | Jul 30, 2020 | A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is… | |||
| CVE-2019-12000 | 0.00 | — | 0.01 | Jul 17, 2020 | HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the… | |||
| CVE-2020-7138 | 0.00 | — | 0.02 | May 19, 2020 | Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for… | |||
| CVE-2020-7139 | 0.00 | — | 0.01 | May 19, 2020 | Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software… | |||
| CVE-2020-7137 | 0.00 | — | 0.00 | May 19, 2020 | A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. | |||
| CVE-2020-12142 | 0.00 | — | 0.01 | May 5, 2020 | 1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability… | |||
| CVE-2020-12144 | 0.00 | — | 0.00 | May 5, 2020 | The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. | |||
| CVE-2020-12143 | 0.00 | — | 0.00 | May 5, 2020 | The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | |||
| CVE-2020-7135 | 0.00 | — | 0.01 | Apr 27, 2020 | A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0,… | |||
| CVE-2020-7134 | 0.00 | — | 0.01 | Apr 24, 2020 | A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. | |||
| CVE-2020-7133 | 0.00 | — | 0.02 | Apr 24, 2020 | An unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. | |||
| CVE-2020-7131 | 0.00 | — | 0.01 | Apr 24, 2020 | This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could… | |||
| CVE-2019-12002 | 0.00 | — | 0.02 | Apr 17, 2020 | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and… | |||
| CVE-2019-12001 | 0.00 | — | 0.01 | Apr 17, 2020 | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and… | |||
| CVE-2019-11999 | 0.00 | — | 0.01 | Apr 16, 2020 | Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For… | |||
| CVE-2019-19539 | 0.00 | — | 0.00 | Jan 27, 2020 | An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can… | |||
| CVE-2019-11998 | 0.00 | — | 0.01 | Jan 16, 2020 | HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information… | |||
| CVE-2019-11997 | 0.00 | — | 0.01 | Jan 16, 2020 | A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the… | |||
| CVE-2019-11994 | 0.00 | — | 0.07 | Jan 3, 2020 | A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell… | |||
| CVE-2019-11993 | 0.00 | — | 0.02 | Jan 3, 2020 | A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell… | |||
| CVE-2019-11995 | 0.00 | — | 0.02 | Dec 18, 2019 | Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release… | |||
| CVE-2019-11992 | 0.00 | — | 0.01 | Dec 18, 2019 | A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. | |||
| CVE-2019-11996 | 0.00 | — | 0.01 | Nov 7, 2019 | Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent… | |||
| CVE-2019-16099 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | |||
| CVE-2019-16100 | 0.00 | — | 0.02 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. | |||
| CVE-2019-16101 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. | |||
| CVE-2019-16102 | 0.00 | — | 0.02 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | |||
| CVE-2019-16103 | 0.00 | — | 0.02 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | |||
| CVE-2019-16104 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | |||
| CVE-2019-16105 | 0.00 | — | 0.02 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. | |||
| CVE-2019-5407 | 0.00 | — | 0.01 | Aug 9, 2019 | A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||
| CVE-2019-5406 | 0.00 | — | 0.01 | Aug 9, 2019 | A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||
| CVE-2019-5405 | 0.00 | — | 0.02 | Aug 9, 2019 | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||
| CVE-2019-5404 | 0.00 | — | 0.02 | Aug 9, 2019 | A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||
| CVE-2019-5403 | 0.00 | — | 0.01 | Aug 9, 2019 | A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||
| CVE-2019-5402 | 0.00 | — | 0.04 | Aug 9, 2019 | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||
| CVE-2019-11990 | 0.00 | — | 0.02 | Jul 19, 2019 | Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: * For customers with release UIoT 1.6, fixes are made available with 1.6 RP603… | |||
| CVE-2019-11989 | 0.00 | — | 0.02 | Jul 19, 2019 | A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for… | |||
| CVE-2019-11988 | 0.00 | — | 0.01 | Jun 5, 2019 | A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5. | |||
| CVE-2019-11987 | 0.00 | — | 0.00 | Jun 5, 2019 | A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege. | |||
| CVE-2019-5394 | 0.00 | — | 0.00 | Jun 5, 2019 | The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration. | |||
| CVE-2019-5365 | 0.00 | — | 0.04 | Jun 5, 2019 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||
| CVE-2018-7120 | 0.00 | — | 0.02 | May 10, 2019 | A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. | |||
| CVE-2018-7119 | 0.00 | — | 0.00 | May 10, 2019 | A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series.… | |||
| CVE-2019-3493 | 0.00 | — | 0.02 | Apr 29, 2019 | A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be… | |||
| CVE-2018-7117 | 0.00 | — | 0.01 | Apr 9, 2019 | A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. | |||
| CVE-2018-7118 | 0.00 | — | 0.01 | Apr 9, 2019 | A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0. | |||
| CVE-2018-7111 | 0.00 | — | 0.05 | Oct 17, 2018 | A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by… |
Page 11 of 12