Vendor CVEs
Microfocus
All CVEs
2,210 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6494 | Med | 0.35 | 5.4 | 0.01 | May 22, 2018 | Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | ||
| CVE-2018-1348 | Med | 0.35 | 5.3 | 0.01 | Mar 26, 2018 | NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. | ||
| CVE-2018-1347 | Med | 0.35 | 5.3 | 0.01 | Mar 21, 2018 | The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross site scripting. | ||
| CVE-2017-7427 | Med | 0.35 | 5.4 | 0.01 | Mar 5, 2018 | Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in… | ||
| CVE-2017-9285 | Med | 0.35 | 5.4 | 0.01 | Mar 2, 2018 | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | ||
| CVE-2017-9276 | Med | 0.35 | 5.4 | 0.01 | Mar 2, 2018 | Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. | ||
| CVE-2017-14802 | Med | 0.35 | 5.4 | 0.01 | Mar 2, 2018 | Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. | ||
| CVE-2017-7426 | Med | 0.35 | 5.4 | 0.01 | Mar 1, 2018 | The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. | ||
| CVE-2017-14800 | Med | 0.35 | 5.4 | 0.01 | Mar 1, 2018 | A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users. | ||
| CVE-2017-14359 | Med | 0.35 | 5.4 | 0.01 | Nov 3, 2017 | A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. | ||
| CVE-2017-9273 | Med | 0.35 | 5.3 | 0.01 | Oct 6, 2017 | The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. | ||
| CVE-2017-13991 | Med | 0.35 | 5.3 | 0.01 | Sep 30, 2017 | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | ||
| CVE-2017-13990 | Med | 0.35 | 5.3 | 0.01 | Sep 30, 2017 | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | ||
| CVE-2017-7422 | Med | 0.35 | 5.4 | 0.01 | Aug 21, 2017 | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection… | ||
| CVE-2017-7428 | Med | 0.35 | 5.3 | 0.01 | May 3, 2017 | NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | ||
| CVE-2017-5184 | Med | 0.35 | 5.3 | 0.01 | Mar 30, 2017 | A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | ||
| CVE-2016-4393 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2016 | HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | ||
| CVE-2016-1598 | Med | 0.35 | 5.4 | 0.01 | Oct 27, 2016 | XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. | ||
| CVE-2016-4380 | Med | 0.35 | 5.4 | 0.01 | Sep 8, 2016 | Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2016-2011 | Med | 0.35 | 5.4 | 0.01 | May 7, 2016 | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. | ||
| CVE-2016-2010 | Med | 0.35 | 5.4 | 0.01 | May 7, 2016 | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. | ||
| CVE-2015-5447 | Med | 0.35 | 5.4 | 0.01 | Jan 5, 2016 | Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2015-4000 | Low | 0.35 | 3.7 | 1.00 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by… | ||
| CVE-2023-32266 | Med | 0.34 | — | 0.00 | Oct 16, 2024 | Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM), Quality Center allows Code Inclusion. The vulnerability allows a user to archive malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle… | ||
| CVE-2021-3441 | Med | 0.34 | 4.8 | 0.02 | Oct 29, 2021 | A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). | ||
| CVE-2026-1578 | Med | 0.33 | — | 0.00 | Feb 13, 2026 | HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. | ||
| CVE-2022-26327 | Med | 0.33 | — | 0.01 | Aug 21, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data. This issue affects Performance Center: 12.63. | ||
| CVE-2024-38496 | Med | 0.33 | — | 0.00 | Jul 15, 2024 | The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. | ||
| CVE-2018-19644 | Med | 0.33 | 5.0 | 0.01 | Mar 27, 2019 | Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | ||
| CVE-2018-7673 | Med | 0.33 | 5.1 | 0.01 | Mar 26, 2018 | The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. | ||
| CVE-2017-17556 | Med | 0.33 | 5.1 | 0.01 | Dec 15, 2017 | A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | ||
| CVE-2021-22535 | Med | 0.32 | 4.9 | 0.01 | Sep 28, 2021 | Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure. | ||
| CVE-2021-22526 | Med | 0.32 | 4.9 | 0.00 | Sep 13, 2021 | Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | ||
| CVE-2019-18944 | Med | 0.32 | 4.9 | 0.00 | Feb 26, 2021 | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | ||
| CVE-2019-9488 | Med | 0.32 | 4.9 | 0.01 | Sep 11, 2019 | Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep… | ||
| CVE-2024-7428 | Med | 0.31 | — | 0.00 | Aug 23, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse. This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | ||
| CVE-2024-7427 | Med | 0.31 | — | 0.00 | Aug 23, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS). This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | ||
| CVE-2021-22515 | Med | 0.31 | 4.8 | 0.01 | Jul 12, 2021 | Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | ||
| CVE-2019-18946 | Med | 0.31 | 4.8 | 0.00 | Feb 26, 2021 | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. | ||
| CVE-2021-22499 | Med | 0.31 | 4.8 | 0.01 | Feb 6, 2021 | Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. | ||
| CVE-2020-25833 | Med | 0.31 | 4.8 | 0.01 | Nov 17, 2020 | Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | ||
| CVE-2019-6332 | Med | 0.31 | 4.8 | 0.01 | Jan 9, 2020 | A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A -… | ||
| CVE-2019-6324 | Med | 0.31 | 4.8 | 0.01 | Jun 17, 2019 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page | ||
| CVE-2018-12462 | Med | 0.31 | 4.8 | 0.01 | Jul 10, 2018 | NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. | ||
| CVE-2018-7681 | Med | 0.31 | 4.8 | 0.01 | Jun 21, 2018 | Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. | ||
| CVE-2018-6492 | Med | 0.31 | 4.7 | 0.02 | May 22, 2018 | Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited… | ||
| CVE-2017-9284 | Med | 0.31 | 4.8 | 0.01 | Apr 26, 2018 | IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | ||
| CVE-2023-1526 | Med | 0.30 | 4.6 | 0.01 | Apr 28, 2023 | Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. | ||
| CVE-2021-39237 | Med | 0.30 | 4.6 | 0.02 | Nov 3, 2021 | Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. | ||
| CVE-2019-16285 | Med | 0.30 | 4.6 | 0.01 | Nov 22, 2019 | If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. |
Page 15 of 45