VYPR

Vendor CVEs

Microfocus

All CVEs

2,285 total · sorted by risk
  • CVE-2019-11950HigJun 5, 2019
    risk 0.58cvss 8.8epss 0.06

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-5350HigJun 5, 2019
    risk 0.58cvss 8.8epss 0.06

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2016-4405HigAug 6, 2018
    risk 0.58cvss 8.8epss 0.05

    A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26

  • CVE-2017-5641CriDec 28, 2017
    risk 0.58cvss 9.8epss 0.21

    Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types…

  • CVE-2017-14353HigOct 5, 2017
    risk 0.58cvss 8.8epss 0.05

    A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.

  • CVE-1999-0038HigApr 26, 1997
    risk 0.58cvss 8.4epss 0.01

    Buffer overflow in xlock program allows local users to execute commands as root.

  • CVE-2025-59099HigJan 26, 2026
    risk 0.57cvss epss 0.01

    The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible…

  • CVE-2025-59098HigJan 26, 2026
    risk 0.57cvss epss 0.00

    The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the…

  • CVE-2024-27458HigOct 7, 2024
    risk 0.57cvss 8.8epss 0.00

    A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.

  • CVE-2024-3482HigMay 20, 2024
    risk 0.57cvss 8.7epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2024-2835HigMay 20, 2024
    risk 0.57cvss 8.7epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2024-4301HigApr 29, 2024
    risk 0.57cvss 8.8epss 0.01

    N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.

  • CVE-2023-35178HigJun 30, 2023
    risk 0.57cvss 8.8epss 0.00

    Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.

  • CVE-2023-35177HigJun 30, 2023
    risk 0.57cvss 8.8epss 0.00

    Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.

  • CVE-2023-35176HigJun 30, 2023
    risk 0.57cvss 8.8epss 0.00

    Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

  • CVE-2023-26298HigJun 12, 2023
    risk 0.57cvss 8.8epss 0.02

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2023-26297HigJun 12, 2023
    risk 0.57cvss 8.8epss 0.02

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2023-26296HigJun 12, 2023
    risk 0.57cvss 8.8epss 0.02

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2022-46359HigJan 30, 2023
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

  • CVE-2022-46358HigJan 30, 2023
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

  • CVE-2022-46357HigJan 30, 2023
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

  • CVE-2022-46356HigJan 30, 2023
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

  • CVE-2021-39301HigFeb 16, 2022
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

  • CVE-2021-39300HigFeb 16, 2022
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

  • CVE-2021-39299HigFeb 16, 2022
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

  • CVE-2021-39297HigFeb 16, 2022
    risk 0.57cvss 8.8epss 0.00

    Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

  • CVE-2021-22517HigAug 5, 2021
    risk 0.57cvss 8.8epss 0.01

    A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and…

  • CVE-2021-29238HigMay 3, 2021
    risk 0.57cvss 8.8epss 0.01

    CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).

  • CVE-2020-24678HigDec 22, 2020
    risk 0.57cvss 8.8epss 0.01

    An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.

  • CVE-2020-24677HigDec 22, 2020
    risk 0.57cvss 8.8epss 0.01

    Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.

  • CVE-2020-24674HigDec 22, 2020
    risk 0.57cvss 8.8epss 0.03

    In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.

  • CVE-2020-7198HigNov 6, 2020
    risk 0.57cvss 8.8epss 0.02

    There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

  • CVE-2020-7195HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7194HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7193HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7192HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7191HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7190HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7189HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7188HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7187HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7186HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7185HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7184HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7183HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7182HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7180HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7179HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7178HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7177HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Page 5 of 46