CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities (CVSS score between 4 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
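1 CVE-2022-23699 | CWE ID: 287 | Type: Bypass | Publish Date: 2022-04-04 | Update Date: 2022-04-13 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial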
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
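2 CVE-2022-23698 | Publish Date: 2022-04-04 | Update Date: 2022-04-13 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None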
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
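3 CVE-2022-23697 | CWE ID: 79 | Type: XSS | Publish Date: 2022-04-04 | Update Date: 2022-04-12 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None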
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
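4 CVE-2021-29214 | CWE ID: 94 | Publish Date: 2021-12-10 | Update Date: 2021-12-14 | Score: 6.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial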
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.
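5 CVE-2021-26586 | Publish Date: 2021-08-05 | Update Date: 2021-08-13 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None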
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).
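6 CVE-2021-26584 | CWE ID: 79 | Type: XSS | Publish Date: 2021-06-03 | Update Date: 2021-06-11 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None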
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC).
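7 CVE-2021-3440 | CWE ID: 269 | Publish Date: 2021-11-01 | Update Date: 2021-11-03 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial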
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
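8 CVE-2021-3438 | CWE ID: 120 | Type: Overflow | Publish Date: 2021-05-20 | Update Date: 2021-06-08 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial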
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
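9 CVE-2020-11853 | Type: Exec Code | Publish Date: 2020-10-22 | Update Date: 2021-05-12 | Score: 6.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial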
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
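10 CVE-2020-7208 | CWE ID: 79 | Type: XSS | Publish Date: 2020-02-13 | Update Date: 2020-02-18 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None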
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
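11 CVE-2020-7198 | CWE ID: 269 | Publish Date: 2020-11-06 | Update Date: 2021-07-21 | Score: 6.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial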
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
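12 CVE-2020-7196 | CWE ID: 522 | Publish Date: 2020-10-26 | Update Date: 2021-07-21 | Score: 4.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: None | Avail.: None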
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
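13 CVE-2020-7135 | CWE ID: 269 | Type: Exec Code | Publish Date: 2020-04-27 | Update Date: 2021-07-21 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial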
A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue.
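14 CVE-2020-7134 | CWE ID: 200 | Type: +Info | Publish Date: 2020-04-24 | Update Date: 2021-07-21 | Score: 4.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: None | Avail.: None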
A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
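15 CVE-2020-7130 | CWE ID: 200 | Type: +Info | Publish Date: 2020-03-04 | Update Date: 2020-03-05 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None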
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.
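16 CVE-2020-6931 | CWE ID: 269 | Publish Date: 2021-11-03 | Update Date: 2021-11-05 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial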
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.
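17 CVE-2020-6922 | CWE ID: 269 | Publish Date: 2022-02-16 | Update Date: 2022-02-24 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial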
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
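18 CVE-2020-6921 | Publish Date: 2022-02-16 | Update Date: 2022-02-24 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial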
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
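19 CVE-2020-6920 | Publish Date: 2022-02-16 | Update Date: 2022-02-24 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None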
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
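20 CVE-2020-6919 | Publish Date: 2022-02-16 | Update Date: 2022-02-24 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial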
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
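21 CVE-2020-6918 | Publish Date: 2022-02-16 | Update Date: 2022-02-24 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial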
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
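22 CVE-2020-6917 | Publish Date: 2022-02-16 | Update Date: 2022-02-24 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial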
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.
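23 CVE-2019-18910 | CWE ID: 78 | Type: Exec Code | Publish Date: 2019-11-22 | Update Date: 2022-01-01 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial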
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
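24 CVE-2019-16286 | CWE ID: 287 | Type: Exec Code Bypass | Publish Date: 2019-11-22 | Update Date: 2020-08-24 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial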
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
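25 CVE-2019-12000 | CWE ID: 20 | Type: Bypass | Publish Date: 2020-07-17 | Update Date: 2021-07-21 | Score: 5.4 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial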
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide.
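26 CVE-2019-11997 | CWE ID: 79 | Type: XSS | Publish Date: 2020-01-16 | Update Date: 2020-01-27 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None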
A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.
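27 CVE-2019-11995 | Publish Date: 2019-12-18 | Update Date: 2020-08-24 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None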
Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.
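28 CVE-2019-11992 | CWE ID: 79 | Type: XSS | Publish Date: 2019-12-18 | Update Date: 2019-12-23 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None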
A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting.
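29 CVE-2019-11946 | CWE ID: 310 | Publish Date: 2019-06-05 | Update Date: 2021-07-21 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Complete | Integ.: None | Avail.: None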
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
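30 CVE-2019-11655 | CWE ID: 434 | Publish Date: 2019-10-04 | Update Date: 2019-10-10 | Score: 6.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial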
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
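31 CVE-2019-5408 | Publish Date: 2019-08-09 | Update Date: 2020-08-24 | Score: 6.4 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: None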
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.
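32 CVE-2019-5407 | Publish Date: 2019-08-09 | Update Date: 2020-08-24 | Score: 6.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial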
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
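33 CVE-2019-5405 | Type: Bypass | Publish Date: 2019-08-09 | Update Date: 2020-08-24 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None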
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
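34 CVE-2019-5394 | Publish Date: 2019-06-05 | Update Date: 2020-08-24 | Score: 4.9 | Gained Access Level: None | Access: Local | Complexity: High | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Complete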
The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration.
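35 CVE-2019-5393 | Type: Exec Code | Publish Date: 2019-06-05 | Update Date: 2020-08-24 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Complete | Integ.: None | Avail.: None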
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
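36 CVE-2019-5392 | Publish Date: 2019-06-05 | Update Date: 2020-08-24 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None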
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
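37 CVE-2019-3683 | CWE ID: 732 | Publish Date: 2020-01-17 | Update Date: 2020-10-22 | Score: 6.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial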
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
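38 CVE-2019-3486 | CWE ID: 79 | Type: XSS | Publish Date: 2019-07-25 | Update Date: 2021-05-12 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None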
Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1
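39 CVE-2019-3485 | CWE ID: 79 | Type: XSS | Publish Date: 2019-07-24 | Update Date: 2021-05-12 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None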
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
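40 CVE-2019-3483 | CWE ID: 200 | Type: +Info | Publish Date: 2019-03-25 | Update Date: 2021-07-21 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Complete | Integ.: None | Avail.: None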
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.
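41 CVE-2019-3482 | CWE ID: 22 | Type: Dir. Trav. | Publish Date: 2019-03-25 | Update Date: 2019-03-25 | Score: 6.8 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Complete | Integ.: None | Avail.: None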
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.
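42 CVE-2019-3480 | CWE ID: 79 | Type: XSS | Publish Date: 2019-03-25 | Update Date: 2019-03-25 | Score: 4.3 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None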
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.
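43 CVE-2018-18593 | CWE ID: 22 | Type: Dir. Trav. | Publish Date: 2018-12-31 | Update Date: 2019-10-09 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None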
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information
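44 CVE-2018-7125 | Type: Exec Code | Publish Date: 2019-06-05 | Update Date: 2020-08-24 | Score: 6.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: Partial | Integ.: Partial | Avail.: Partial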
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
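45 CVE-2018-7122 | CWE ID: 200 | Type: +Info | Publish Date: 2019-06-05 | Update Date: 2019-06-06 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None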
A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
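46 CVE-2018-7118 | Type: Bypass | Publish Date: 2019-04-09 | Update Date: 2020-08-24 | Score: 4.6 | Gained Access Level: None | Access: Local | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial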
A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0.
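47 CVE-2018-7116 | CWE ID: 119 | Type: DoS Overflow | Publish Date: 2018-12-03 | Update Date: 2020-08-24 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial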
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
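48 CVE-2018-7111 | Publish Date: 2018-10-17 | Update Date: 2019-10-03 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None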
A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other users.
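49 CVE-2018-7109 | Publish Date: 2018-09-27 | Update Date: 2020-08-24 | Score: 5.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf.: None | Integ.: Partial | Avail.: Partial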
HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.
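50 CVE-2018-7102 | CWE ID: 22 | Type: Dir. Trav. | Publish Date: 2018-09-27 | Update Date: 2018-12-20 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None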
A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification.
Total number of vulnerabilities: 679 (page 1 of 14)