Vendor CVEs
HPE
All CVEs
585 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7101 | Hig | 0.49 | 7.5 | 0.07 | Sep 27, 2018 | A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30. | ||
| CVE-2018-7077 | Hig | 0.49 | 7.5 | 0.02 | Aug 14, 2018 | A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive… | ||
| CVE-2018-7069 | Hig | 0.49 | 7.5 | 0.02 | Aug 6, 2018 | HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | ||
| CVE-2017-5812 | Hig | 0.49 | 7.5 | 0.05 | Feb 15, 2018 | A remote SQL information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. | ||
| CVE-2017-5803 | Hig | 0.49 | 7.5 | 0.08 | Feb 15, 2018 | A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found. | ||
| CVE-2017-5801 | Hig | 0.49 | 7.5 | 0.07 | Feb 15, 2018 | A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found. | ||
| CVE-2017-5797 | Hig | 0.49 | 7.5 | 0.05 | Feb 15, 2018 | A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found. | ||
| CVE-2017-12545 | Hig | 0.49 | 7.5 | 0.07 | Feb 15, 2018 | A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2016-8525 | Hig | 0.49 | 7.5 | 0.09 | Feb 15, 2018 | A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version. | ||
| CVE-2016-8518 | Hig | 0.49 | 7.5 | 0.05 | Feb 15, 2018 | A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | ||
| CVE-2016-8516 | Hig | 0.49 | 7.5 | 0.05 | Feb 15, 2018 | A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | ||
| CVE-2016-4396 | Hig | 0.49 | 7.5 | 0.04 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | ||
| CVE-2016-4395 | Hig | 0.49 | 7.5 | 0.04 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. | ||
| CVE-2016-4378 | Hig | 0.49 | 7.5 | 0.03 | Aug 26, 2016 | The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before… | ||
| CVE-2016-4367 | Hig | 0.49 | 7.5 | 0.08 | Jun 8, 2016 | The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-4365 | Hig | 0.49 | 7.5 | 0.04 | Jun 8, 2016 | HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-4361 | Hig | 0.49 | 7.5 | 0.08 | Jun 8, 2016 | HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow… | ||
| CVE-2016-2027 | Hig | 0.49 | 7.5 | 0.04 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026. | ||
| CVE-2016-2026 | Hig | 0.49 | 7.5 | 0.04 | Jun 8, 2016 | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027. | ||
| CVE-2016-2025 | Hig | 0.49 | 7.5 | 0.04 | May 30, 2016 | HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. | ||
| CVE-2015-6861 | Hig | 0.49 | 7.5 | 0.01 | Jan 5, 2016 | HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account. | ||
| CVE-2015-5446 | Hig | 0.49 | 7.5 | 0.03 | Jan 5, 2016 | HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2016-2001 | Hig | 0.48 | 7.4 | 0.02 | Apr 12, 2016 | HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. | ||
| CVE-2015-6863 | Hig | 0.48 | 7.3 | 0.02 | Jan 16, 2016 | HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | ||
| CVE-2026-23592 | Hig | 0.47 | 7.2 | 0.01 | Jan 27, 2026 | Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | ||
| CVE-2025-37127 | Hig | 0.47 | 7.2 | 0.00 | Sep 16, 2025 | A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating… | ||
| CVE-2025-37126 | Hig | 0.47 | 7.2 | 0.01 | Sep 16, 2025 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2025-37102 | Hig | 0.47 | 7.2 | 0.01 | Jul 8, 2025 | An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system… | ||
| CVE-2024-54007 | Hig | 0.47 | 7.2 | 0.02 | Jan 7, 2025 | Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands… | ||
| CVE-2024-54006 | Hig | 0.47 | 7.2 | 0.02 | Jan 7, 2025 | Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands… | ||
| CVE-2024-41135 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-41134 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-41133 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-33519 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to… | ||
| CVE-2024-22437 | Hig | 0.47 | 7.3 | 0.00 | Apr 15, 2024 | A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system. | ||
| CVE-2018-7105 | Hig | 0.47 | 7.2 | 0.04 | Sep 27, 2018 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to… | ||
| CVE-2018-7078 | Hig | 0.47 | 7.2 | 0.07 | Aug 6, 2018 | A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. | ||
| CVE-2025-37147 | Hig | 0.46 | 7.1 | 0.00 | Oct 14, 2025 | A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or… | ||
| CVE-2025-37104 | Hig | 0.46 | 7.1 | 0.00 | Jul 16, 2025 | A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to perform a SQL Injection attack when sending a service request, and potentially exfiltrate the database's vendor name to unauthorized… | ||
| CVE-2016-2015 | Hig | 0.46 | 7.1 | 0.00 | May 14, 2016 | HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. | ||
| CVE-2024-22439 | Med | 0.45 | 6.9 | 0.00 | Apr 15, 2024 | A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure. | ||
| CVE-2025-37129 | Med | 0.44 | 6.7 | 0.00 | Sep 16, 2025 | A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if… | ||
| CVE-2025-37128 | Med | 0.44 | 6.8 | 0.00 | Sep 16, 2025 | A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an… | ||
| CVE-2025-27081 | Med | 0.44 | 6.8 | 0.00 | Apr 10, 2025 | A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service. | ||
| CVE-2024-22440 | Med | 0.44 | 6.8 | 0.00 | Apr 17, 2024 | A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. This vulnerability could cause disclosure of sensitive information in log files. | ||
| CVE-2014-5040 | Med | 0.44 | 6.8 | 0.01 | Jan 5, 2016 | HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by… | ||
| CVE-2017-5798 | Med | 0.43 | 6.1 | 0.08 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). | ||
| CVE-2017-5795 | Med | 0.43 | 6.5 | 0.03 | Feb 15, 2018 | A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found. | ||
| CVE-2017-12555 | Med | 0.43 | 6.5 | 0.03 | Feb 15, 2018 | A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. | ||
| CVE-2016-8521 | Med | 0.43 | 6.5 | 0.04 | Feb 15, 2018 | A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found. |