Vendor CVEs
Microfocus
All CVEs
2,209 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18593 | Med | 0.43 | 6.5 | 0.07 | Dec 31, 2018 | Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05,… | ||
| CVE-2018-7113 | Med | 0.43 | 6.6 | 0.01 | Dec 3, 2018 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates. | ||
| CVE-2016-1605 | Med | 0.43 | 6.5 | 0.04 | Aug 1, 2016 | Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field. | ||
| CVE-2016-2775 | Med | 0.43 | 5.9 | 0.63 | Jul 19, 2016 | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | ||
| CVE-2026-9493 | Med | 0.42 | 6.5 | 0.00 | May 29, 2026 | Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details. | ||
| CVE-2025-3756 | Med | 0.42 | 6.5 | 0.00 | Apr 13, 2026 | A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing… | ||
| CVE-2024-29080 | Med | 0.42 | 6.5 | 0.00 | Jul 19, 2024 | Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. | ||
| CVE-2024-24970 | Med | 0.42 | 6.5 | 0.00 | Jul 19, 2024 | Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. | ||
| CVE-2023-32260 | Med | 0.42 | 6.5 | 0.00 | Mar 19, 2024 | Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service… | ||
| CVE-2023-32267 | Med | 0.42 | 6.4 | 0.00 | Aug 11, 2023 | A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. | ||
| CVE-2022-26330 | Med | 0.42 | 6.5 | 0.01 | Aug 31, 2022 | Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2… | ||
| CVE-2021-38130 | Med | 0.42 | 6.5 | 0.01 | Feb 4, 2022 | A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. | ||
| CVE-2021-22500 | Med | 0.42 | 6.5 | 0.00 | Feb 6, 2021 | Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing. | ||
| CVE-2020-25838 | Med | 0.42 | 6.5 | 0.01 | Dec 11, 2020 | Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | ||
| CVE-2019-18917 | Med | 0.42 | 6.5 | 0.01 | Mar 16, 2020 | A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | ||
| CVE-2019-0399 | Med | 0.42 | 6.5 | 0.01 | Dec 11, 2019 | SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure. | ||
| CVE-2019-17085 | Med | 0.42 | 6.5 | 0.01 | Nov 18, 2019 | XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent. | ||
| CVE-2019-11664 | Med | 0.42 | 6.5 | 0.01 | Sep 18, 2019 | Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | ||
| CVE-2019-11663 | Med | 0.42 | 6.5 | 0.00 | Sep 18, 2019 | Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | ||
| CVE-2019-5408 | Med | 0.42 | 6.5 | 0.02 | Aug 9, 2019 | Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are… | ||
| CVE-2019-11946 | Med | 0.42 | 6.5 | 0.01 | Jun 5, 2019 | A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||
| CVE-2019-3483 | Med | 0.42 | 6.5 | 0.02 | Mar 25, 2019 | Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. | ||
| CVE-2018-6502 | Med | 0.42 | 6.5 | 0.01 | Sep 20, 2018 | A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS). | ||
| CVE-2018-7682 | Med | 0.42 | 6.5 | 0.01 | Jun 22, 2018 | Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | ||
| CVE-2017-13988 | Med | 0.42 | 6.5 | 0.01 | Sep 30, 2017 | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | ||
| CVE-2017-13987 | Med | 0.42 | 6.5 | 0.01 | Sep 30, 2017 | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | ||
| CVE-2017-13985 | Med | 0.42 | 6.5 | 0.03 | Sep 30, 2017 | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | ||
| CVE-2017-13984 | Med | 0.42 | 6.5 | 0.02 | Sep 30, 2017 | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. | ||
| CVE-2017-7424 | Med | 0.42 | 6.5 | 0.02 | Aug 21, 2017 | A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product,… | ||
| CVE-2017-7433 | Med | 0.42 | 6.5 | 0.01 | May 18, 2017 | An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed… | ||
| CVE-2016-5755 | Med | 0.42 | 6.5 | 0.01 | Mar 23, 2017 | NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. | ||
| CVE-2016-1603 | Med | 0.42 | 6.5 | 0.01 | Mar 23, 2017 | An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | ||
| CVE-2016-5765 | Med | 0.42 | 6.5 | 0.02 | Nov 29, 2016 | Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that… | ||
| CVE-2016-4394 | Med | 0.42 | 6.5 | 0.03 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | ||
| CVE-2016-6306 | Med | 0.42 | 5.9 | 0.42 | Sep 26, 2016 | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | ||
| CVE-2016-2013 | Med | 0.42 | 6.5 | 0.02 | May 7, 2016 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-2012 | Med | 0.42 | 6.5 | 0.02 | May 7, 2016 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | ||
| CVE-2016-1994 | Med | 0.42 | 6.5 | 0.02 | Mar 18, 2016 | HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-1992 | Med | 0.42 | 6.5 | 0.02 | Mar 17, 2016 | HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||
| CVE-2015-5434 | Med | 0.42 | 6.5 | 0.02 | Jan 5, 2016 | HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." | ||
| CVE-2022-38753 | Med | 0.41 | 6.3 | 0.00 | Nov 28, 2022 | This update resolves a multi-factor authentication bypass attack | ||
| CVE-2017-20038 | Med | 0.41 | 6.3 | 0.01 | Jun 11, 2022 | A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched… | ||
| CVE-2017-20037 | Med | 0.41 | 6.3 | 0.01 | Jun 11, 2022 | A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. | ||
| CVE-2019-5400 | Med | 0.41 | 6.3 | 0.01 | Aug 9, 2019 | A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | ||
| CVE-2018-7125 | Med | 0.41 | 6.3 | 0.01 | Jun 5, 2019 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||
| CVE-2018-18589 | Med | 0.41 | 6.3 | 0.02 | Oct 23, 2018 | A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | ||
| CVE-2015-6864 | Med | 0.41 | 6.3 | 0.01 | Jan 16, 2016 | HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | ||
| CVE-2024-2300 | Med | 0.40 | 6.2 | 0.00 | Jun 12, 2024 | HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. | ||
| CVE-2023-5113 | Med | 0.40 | 6.1 | 0.00 | Oct 4, 2023 | Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. | ||
| CVE-2023-24469 | Med | 0.40 | 6.1 | 0.00 | Jun 13, 2023 | Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 |
- risk 0.43cvss 6.5epss 0.07
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05,…
- risk 0.43cvss 6.6epss 0.01
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.
- risk 0.43cvss 6.5epss 0.04
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.
- risk 0.43cvss 5.9epss 0.63
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
- risk 0.42cvss 6.5epss 0.00
Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details.
- risk 0.42cvss 6.5epss 0.00
A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing…
- risk 0.42cvss 6.5epss 0.00
Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.
- risk 0.42cvss 6.5epss 0.00
Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.
- risk 0.42cvss 6.5epss 0.00
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service…
- risk 0.42cvss 6.4epss 0.00
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.
- risk 0.42cvss 6.5epss 0.01
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2…
- risk 0.42cvss 6.5epss 0.01
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.
- risk 0.42cvss 6.5epss 0.00
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.
- risk 0.42cvss 6.5epss 0.01
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
- risk 0.42cvss 6.5epss 0.01
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.
- risk 0.42cvss 6.5epss 0.01
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.
- risk 0.42cvss 6.5epss 0.01
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
- risk 0.42cvss 6.5epss 0.01
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
- risk 0.42cvss 6.5epss 0.00
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
- risk 0.42cvss 6.5epss 0.02
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are…
- risk 0.42cvss 6.5epss 0.01
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- risk 0.42cvss 6.5epss 0.02
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.
- risk 0.42cvss 6.5epss 0.01
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).
- risk 0.42cvss 6.5epss 0.01
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
- risk 0.42cvss 6.5epss 0.01
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
- risk 0.42cvss 6.5epss 0.01
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
- risk 0.42cvss 6.5epss 0.03
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.
- risk 0.42cvss 6.5epss 0.02
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
- risk 0.42cvss 6.5epss 0.02
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product,…
- risk 0.42cvss 6.5epss 0.01
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed…
- risk 0.42cvss 6.5epss 0.01
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.
- risk 0.42cvss 6.5epss 0.01
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
- risk 0.42cvss 6.5epss 0.02
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that…
- risk 0.42cvss 6.5epss 0.03
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.
- risk 0.42cvss 5.9epss 0.42
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
- risk 0.42cvss 6.5epss 0.02
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."
- risk 0.41cvss 6.3epss 0.00
This update resolves a multi-factor authentication bypass attack
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched…
- risk 0.41cvss 6.3epss 0.01
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.
- risk 0.41cvss 6.3epss 0.01
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
- risk 0.41cvss 6.3epss 0.01
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- risk 0.41cvss 6.3epss 0.02
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.
- risk 0.41cvss 6.3epss 0.01
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
- risk 0.40cvss 6.2epss 0.00
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices.
- risk 0.40cvss 6.1epss 0.00
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.
- risk 0.40cvss 6.1epss 0.00
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0
Page 12 of 45