| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-23700 | 863 | | | 2022-04-04 | 2022-04-13 | 2.1 | None | Local | Low | Not required | Partial | None | None | A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| 2 | CVE-2022-23699 | 287 | | Bypass | 2022-04-04 | 2022-04-13 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| 3 | CVE-2022-23698 | | | | 2022-04-04 | 2022-04-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| 4 | CVE-2022-23697 | 79 | | XSS | 2022-04-04 | 2022-04-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| 5 | CVE-2022-23456 | | | | 2022-01-28 | 2022-02-03 | 2.1 | None | Local | Low | Not required | None | Partial | None | Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. |
| 6 | CVE-2021-39237 | | | | 2021-11-03 | 2021-11-04 | 2.1 | None | Local | Low | Not required | Partial | None | None | Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. |
| 7 | CVE-2021-29214 | 94 | | | 2021-12-10 | 2021-12-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. |
| 8 | CVE-2021-26586 | | | | 2021-08-05 | 2021-08-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM). |
| 9 | CVE-2021-26584 | 79 | | XSS | 2021-06-03 | 2021-06-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC). |
| 10 | CVE-2021-3662 | 79 | | XSS | 2021-10-29 | 2021-11-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). |
| 11 | CVE-2021-3440 | 269 | | | 2021-11-01 | 2021-11-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. |
| 12 | CVE-2021-3438 | 120 | | Overflow | 2021-05-20 | 2021-06-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. |
| 13 | CVE-2020-11853 | | | Exec Code | 2020-10-22 | 2021-05-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code. |
| 14 | CVE-2020-7208 | 79 | | XSS | 2020-02-13 | 2020-02-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. |
| 15 | CVE-2020-7198 | 269 | | | 2020-11-06 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. |
| 16 | CVE-2020-7196 | 522 | | | 2020-10-26 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". |
| 17 | CVE-2020-7135 | 269 | | Exec Code | 2020-04-27 | 2021-07-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue. |
| 18 | CVE-2020-7134 | 200 | | +Info | 2020-04-24 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. |
| 19 | CVE-2020-7132 | 79 | | XSS | 2020-04-23 | 2020-04-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows). |
| 20 | CVE-2020-7130 | 200 | | +Info | 2020-03-04 | 2020-03-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later. |
| 21 | CVE-2020-6931 | 269 | | | 2021-11-03 | 2021-11-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege. |
| 22 | CVE-2020-6922 | 269 | | | 2022-02-16 | 2022-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| 23 | CVE-2020-6921 | | | | 2022-02-16 | 2022-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| 24 | CVE-2020-6920 | | | | 2022-02-16 | 2022-02-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| 25 | CVE-2020-6919 | | | | 2022-02-16 | 2022-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| 26 | CVE-2020-6918 | | | | 2022-02-16 | 2022-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| 27 | CVE-2020-6917 | | | | 2022-02-16 | 2022-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. |
| 28 | CVE-2019-19539 | 522 | | | 2020-01-27 | 2020-02-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen. |
| 29 | CVE-2019-18910 | 78 | | Exec Code | 2019-11-22 | 2022-01-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. |
| 30 | CVE-2019-18567 | 125 | | DoS | 2020-02-03 | 2021-11-03 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. |
| 31 | CVE-2019-16286 | 287 | | Exec Code Bypass | 2019-11-22 | 2020-08-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands. |
| 32 | CVE-2019-16285 | 200 | | +Info | 2019-11-22 | 2020-08-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. |
| 33 | CVE-2019-12000 | 20 | | Bypass | 2020-07-17 | 2021-07-21 | 5.4 | None | Remote | Medium | ??? | Partial | Partial | Partial | HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide. |
| 34 | CVE-2019-11997 | 79 | | XSS | 2020-01-16 | 2020-01-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support. |
| 35 | CVE-2019-11995 | | | | 2019-12-18 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance. |
| 36 | CVE-2019-11992 | 79 | | XSS | 2019-12-18 | 2019-12-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. |
| 37 | CVE-2019-11946 | 310 | | | 2019-06-05 | 2021-07-21 | 6.8 | None | Remote | Low | ??? | Complete | None | None | A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
| 38 | CVE-2019-11656 | 79 | | XSS | 2019-10-04 | 2019-10-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). |
| 39 | CVE-2019-11655 | 434 | | | 2019-10-04 | 2019-10-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type. |
| 40 | CVE-2019-7317 | 416 | | | 2019-02-04 | 2022-04-25 | 2.6 | None | Remote | High | Not required | None | None | Partial | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. |
| 41 | CVE-2019-6331 | 200 | | +Info | 2020-01-09 | 2020-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information. |
| 42 | CVE-2019-5408 | | | | 2019-08-09 | 2020-08-24 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr. |
| 43 | CVE-2019-5407 | | | | 2019-08-09 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| 44 | CVE-2019-5405 | | | Bypass | 2019-08-09 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| 45 | CVE-2019-5403 | 79 | | XSS | 2019-08-09 | 2019-08-16 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
| 46 | CVE-2019-5394 | | | | 2019-06-05 | 2020-08-24 | 4.9 | None | Local | High | ??? | Partial | Partial | Complete | The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration. |
| 47 | CVE-2019-5393 | | | Exec Code | 2019-06-05 | 2020-08-24 | 6.8 | None | Remote | Low | ??? | Complete | None | None | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
| 48 | CVE-2019-5392 | | | | 2019-06-05 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
| 49 | CVE-2019-3683 | 732 | | | 2020-01-17 | 2020-10-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations. |
| 50 | CVE-2019-3486 | 79 | | XSS | 2019-07-25 | 2021-05-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1 |