# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2021-29214 | | | | 2021-12-10 | 2022-07-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1. |
2 | CVE-2020-11853 | | | Exec Code | 2020-10-22 | 2022-11-16 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions: 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow execution of arbitrary code. |
3 | CVE-2020-7198 | 269 | | | 2020-11-06 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. |
4 | CVE-2020-6922 | | | | 2022-02-16 | 2022-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
5 | CVE-2020-6921 | | | | 2022-02-16 | 2022-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
6 | CVE-2020-6919 | | | | 2022-02-16 | 2022-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
7 | CVE-2020-6918 | | | | 2022-02-16 | 2022-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
8 | CVE-2020-6917 | | | | 2022-02-16 | 2022-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software. |
9 | CVE-2019-11946 | 310 | | | 2019-06-05 | 2021-07-21 | 6.8 | None | Remote | Low | ??? | Complete | None | None |
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
10 | CVE-2019-11655 | 434 | | | 2019-10-04 | 2019-10-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type. |
11 | CVE-2019-5408 | | | | 2019-08-09 | 2020-08-24 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected: DevMgr version 7.0.0-00 to earlier than 8.6.1-02; RepMgr if it is installed on the same machine as DevMgr; TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr. |
12 | CVE-2019-5407 | | | | 2019-08-09 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. |
13 | CVE-2019-5393 | | | Exec Code | 2019-06-05 | 2020-08-24 | 6.8 | None | Remote | Low | ??? | Complete | None | None |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
14 | CVE-2019-3683 | 732 | | | 2020-01-17 | 2020-10-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations. |
15 | CVE-2019-3483 | 200 | | +Info | 2019-03-25 | 2021-07-21 | 6.8 | None | Remote | Low | ??? | Complete | None | None |
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. |
16 | CVE-2019-3482 | 22 | | Dir. Trav. | 2019-03-25 | 2019-03-25 | 6.8 | None | Remote | Low | ??? | Complete | None | None |
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. |
17 | CVE-2019-2698 | | | | 2019-04-23 | 2022-08-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
18 | CVE-2019-2697 | | | | 2019-04-23 | 2022-08-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
19 | CVE-2018-7125 | | | Exec Code | 2019-06-05 | 2020-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
20 | CVE-2018-7097 | 352 | | CSRF | 2018-08-14 | 2018-10-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. |
21 | CVE-2018-7092 | 22 | | Dir. Trav. | 2018-08-06 | 2018-10-05 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. |
22 | CVE-2018-6503 | | | | 2018-09-20 | 2019-10-09 | 6.8 | None | Remote | Low | ??? | Complete | None | None |
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls. |
23 | CVE-2018-6493 | 89 | | Sql | 2018-05-22 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. |
24 | CVE-2018-5926 | 295 | | | 2019-03-27 | 2020-02-10 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. |
25 | CVE-2018-3183 | | | | 2018-10-17 | 2022-06-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). |
26 | CVE-2018-3180 | | | DoS | 2018-10-17 | 2022-06-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). |
27 | CVE-2017-14353 | 94 | | Exec Code | 2017-10-05 | 2017-11-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. |
28 | CVE-2017-12560 | 22 | | DoS Dir. Trav. | 2018-02-15 | 2018-02-25 | 6.8 | None | Remote | Low | ??? | None | None | Complete |
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. |
29 | CVE-2017-12559 | 22 | | DoS Dir. Trav. | 2018-02-15 | 2018-02-25 | 6.8 | None | Remote | Low | ??? | None | None | Complete |
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. |
30 | CVE-2017-12555 | 200 | | +Info | 2018-02-15 | 2018-03-13 | 6.8 | None | Remote | Low | ??? | Complete | None | None |
A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found. |
31 | CVE-2017-5826 | | | Exec Code | 2018-02-15 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
32 | CVE-2017-5825 | | | | 2018-02-15 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. |
33 | CVE-2017-5813 | | | | 2018-02-15 | 2019-10-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A remote unauthenticated access vulnerability in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found. |
34 | CVE-2017-5799 | 74 | | Exec Code | 2018-02-15 | 2018-03-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). |
35 | CVE-2017-5787 | | | DoS | 2018-02-15 | 2018-03-07 | 6.8 | None | Remote | Low | ??? | None | None | Complete |
A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found. |
36 | CVE-2017-5785 | 200 | | +Info | 2018-02-15 | 2018-03-05 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
37 | CVE-2017-5781 | 352 | | CSRF | 2018-02-15 | 2018-03-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found. |
38 | CVE-2016-8534 | 264 | | | 2018-02-15 | 2018-03-02 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
39 | CVE-2016-8533 | 264 | | | 2018-02-15 | 2018-03-02 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A remote privilege escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found. |
40 | CVE-2016-8515 | 434 | | | 2018-02-15 | 2018-03-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
41 | CVE-2016-8513 | 352 | | CSRF | 2018-02-15 | 2018-03-07 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. |
42 | CVE-2016-5387 | | | | 2016-07-19 | 2022-09-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. |
43 | CVE-2016-4405 | 502 | | Exec Code | 2018-08-06 | 2018-10-05 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26. |
44 | CVE-2016-4398 | 502 | | Exec Code | 2018-08-06 | 2018-10-05 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. |
45 | CVE-2016-4390 | | | Exec Code | 2016-10-05 | 2017-07-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389. |
46 | CVE-2016-4389 | | | Exec Code | 2016-10-05 | 2017-07-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4390. |
47 | CVE-2016-4388 | | | Exec Code | 2016-10-05 | 2017-07-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-4390. |
48 | CVE-2016-4387 | | | Exec Code | 2016-10-05 | 2017-07-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-4390. |
49 | CVE-2016-4386 | | | | 2016-09-29 | 2017-07-30 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors. |
50 | CVE-2016-4382 | 264 | | Bypass | 2016-09-21 | 2017-08-13 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. |