# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2021-29220 |
120 |
|
Exec Code Overflow |
2022-02-24 |
2022-03-07 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack. |
2 |
CVE-2021-29212 |
22 |
|
Dir. Trav. |
2021-11-01 |
2021-12-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance. |
3 |
CVE-2021-29203 |
306 |
|
DoS Exec Code +Priv Bypass |
2021-05-06 |
2022-07-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager. |
4 |
CVE-2021-25140 |
22 |
|
DoS Exec Code Dir. Trav. |
2021-02-09 |
2021-02-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available. |
5 |
CVE-2021-25139 |
787 |
|
DoS Exec Code Overflow |
2021-02-09 |
2021-02-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack based buffer overflow using user supplied input to the `khuploadfile.cgi` CGI ELF. The stack based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available. |
6 |
CVE-2020-24652 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
7 |
CVE-2020-24651 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
8 |
CVE-2020-24650 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
9 |
CVE-2020-24649 |
20 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
10 |
CVE-2020-24648 |
502 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
11 |
CVE-2020-24647 |
20 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
12 |
CVE-2020-24646 |
787 |
|
Exec Code Overflow |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
13 |
CVE-2020-24630 |
269 |
|
|
2020-10-19 |
2021-07-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
14 |
CVE-2020-24629 |
287 |
|
Bypass |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
15 |
CVE-2020-7199 |
287 |
|
DoS Exec Code +Priv Bypass |
2020-12-02 |
2020-12-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. |
16 |
CVE-2020-7195 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
17 |
CVE-2020-7194 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
18 |
CVE-2020-7193 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
19 |
CVE-2020-7192 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
20 |
CVE-2020-7191 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
21 |
CVE-2020-7190 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
22 |
CVE-2020-7189 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
23 |
CVE-2020-7188 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
24 |
CVE-2020-7187 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
25 |
CVE-2020-7186 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
26 |
CVE-2020-7185 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
27 |
CVE-2020-7184 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
28 |
CVE-2020-7183 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
29 |
CVE-2020-7182 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
30 |
CVE-2020-7181 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
31 |
CVE-2020-7180 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
32 |
CVE-2020-7179 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
33 |
CVE-2020-7178 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
34 |
CVE-2020-7177 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
35 |
CVE-2020-7176 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
36 |
CVE-2020-7175 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
37 |
CVE-2020-7174 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
38 |
CVE-2020-7173 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
39 |
CVE-2020-7172 |
74 |
|
Exec Code |
2020-10-19 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
40 |
CVE-2020-7171 |
74 |
|
Exec Code |
2020-10-19 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
41 |
CVE-2020-7170 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
42 |
CVE-2020-7169 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
43 |
CVE-2020-7168 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
44 |
CVE-2020-7167 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
45 |
CVE-2020-7166 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
46 |
CVE-2020-7165 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
47 |
CVE-2020-7164 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
48 |
CVE-2020-7163 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
49 |
CVE-2020-7162 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |
50 |
CVE-2020-7161 |
917 |
|
Exec Code |
2020-10-19 |
2020-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |