CVEdetails.com the ultimate security vulnerability data source

HP : Security Vulnerabilities (CVSS score between 6 and 6.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-11853 Exec Code 2020-10-22 2021-05-12
6.5
None Remote Low ??? Partial Partial Partial
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions: 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow execution of arbitrary code.
2 CVE-2020-7198 269 2020-11-06 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
3 CVE-2019-11946 310 2019-06-05 2021-07-21
6.8
None Remote Low ??? Complete None None
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
4 CVE-2019-11655 434 2019-10-04 2019-10-10
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
5 CVE-2019-5408 2019-08-09 2020-08-24
6.4
None Remote Low Not required Partial Partial None
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr if it is installed on the same machine as DevMgr; TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.
6 CVE-2019-5407 2019-08-09 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
7 CVE-2019-5393 Exec Code 2019-06-05 2020-08-24
6.8
None Remote Low ??? Complete None None
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
8 CVE-2019-3683 732 2020-01-17 2020-10-22
6.5
None Remote Low ??? Partial Partial Partial
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
9 CVE-2019-3483 200 +Info 2019-03-25 2021-07-21
6.8
None Remote Low ??? Complete None None
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.
10 CVE-2019-3482 22 Dir. Trav. 2019-03-25 2019-03-25
6.8
None Remote Low ??? Complete None None
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.
11 CVE-2018-7125 Exec Code 2019-06-05 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
12 CVE-2018-7097 352 CSRF 2018-08-14 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.
13 CVE-2018-7092 22 Dir. Trav. 2018-08-06 2018-10-05
6.4
None Remote Low Not required None Partial Partial
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.
14 CVE-2018-6503 2018-09-20 2019-10-09
6.8
None Remote Low ??? Complete None None
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.
15 CVE-2018-6493 89 Sql 2018-05-22 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.
16 CVE-2018-5926 295 2019-03-27 2020-02-10
6.4
None Remote Low Not required Partial Partial None
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.
17 CVE-2017-14353 94 Exec Code 2017-10-05 2017-11-11
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
18 CVE-2017-12560 22 DoS Dir. Trav. 2018-02-15 2018-02-25
6.8
None Remote Low ??? None None Complete
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.
19 CVE-2017-12559 22 DoS Dir. Trav. 2018-02-15 2018-02-25
6.8
None Remote Low ??? None None Complete
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found.
20 CVE-2017-12555 200 +Info 2018-02-15 2018-03-13
6.8
None Remote Low ??? Complete None None
A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found.
21 CVE-2017-5826 Exec Code 2018-02-15 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
22 CVE-2017-5825 2018-02-15 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
23 CVE-2017-5813 2018-02-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found.
24 CVE-2017-5799 74 Exec Code 2018-02-15 2018-03-15
6.5
None Remote Low ??? Partial Partial Partial
A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).
25 CVE-2017-5787 DoS 2018-02-15 2018-03-07
6.8
None Remote Low ??? None None Complete
A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found.
26 CVE-2017-5785 200 +Info 2018-02-15 2018-03-05
6.4
None Remote Low Not required Partial Partial None
A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found.
27 CVE-2017-5781 352 CSRF 2018-02-15 2018-03-05
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.
28 CVE-2016-8534 264 2018-02-15 2018-03-02
6.5
None Remote Low ??? Partial Partial Partial
A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
29 CVE-2016-8533 264 2018-02-15 2018-03-02
6.5
None Remote Low ??? Partial Partial Partial
A remote privilege escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found.
30 CVE-2016-8515 434 2018-02-15 2018-03-06
6.5
None Remote Low ??? Partial Partial Partial
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.
31 CVE-2016-8513 352 CSRF 2018-02-15 2018-03-07
6.0
None Remote Medium ??? Partial Partial Partial
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6.
32 CVE-2016-4405 502 Exec Code 2018-08-06 2018-10-05
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26.
33 CVE-2016-4398 502 Exec Code 2018-08-06 2018-10-05
6.5
None Remote Low ??? Partial Partial Partial
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.
34 CVE-2016-4390 Exec Code 2016-10-05 2017-07-30
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389.
35 CVE-2016-4389 Exec Code 2016-10-05 2017-07-30
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390.
36 CVE-2016-4388 Exec Code 2016-10-05 2017-07-30
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390.
37 CVE-2016-4387 Exec Code 2016-10-05 2017-07-30
6.8
None Remote Medium Not required Partial Partial Partial
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390.
38 CVE-2016-4386 2016-09-29 2017-07-30
6.9
None Local Medium Not required Complete Complete Complete
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.
39 CVE-2016-4382 264 Bypass 2016-09-21 2017-08-13
6.0
None Remote Medium ??? Partial Partial Partial
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.
40 CVE-2016-4371 352 +Info 2016-06-19 2016-12-16
6.0
None Remote Medium ??? Partial Partial Partial
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.
41 CVE-2016-4369 284 Exec Code 2016-06-08 2016-08-24
6.5
None Remote Low ??? Partial Partial Partial
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
42 CVE-2016-4360 2016-06-08 2017-11-03
6.4
None Remote Low Not required None Partial Partial
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 does not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.
43 CVE-2016-2029 +Info 2016-06-08 2016-08-23
6.4
None Remote Low Not required Partial Partial None
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
44 CVE-2016-2018 +Info 2016-06-08 2016-08-24
6.4
None Remote Low Not required Partial Partial None
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
45 CVE-2016-2015 200 +Info 2016-05-14 2016-12-01
6.6
None Local Low Not required Complete Complete None
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
46 CVE-2016-2009 284 Exec Code 2016-05-07 2016-12-01
6.5
None Remote Low ??? Partial Partial Partial
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
47 CVE-2015-8241 119 DoS Overflow +Info 2015-12-15 2017-09-14
6.4
None Remote Low Not required Partial None Partial
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
48 CVE-2015-7942 119 DoS Overflow 2015-11-18 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
49 CVE-2015-7547 119 DoS Exec Code Overflow 2016-02-18 2021-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
50 CVE-2015-6864 20 Exec Code 2016-01-16 2016-12-01
6.5
None Remote Low ??? Partial Partial Partial
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
Total number of vulnerabilities: 139 (page 1 of 3)