HP

Products by HP Sorted by Most Security Vulnerabilities since 2018

HP Xp7 Command View: 51 vulnerabilities

Hp Ux: 34 vulnerabilities

HP Xp P9000 Command View: 16 vulnerabilities

HP Xp Command View: 16 vulnerabilities

HP Support Assistant: 14 vulnerabilities

HP Pc Bios: 11 vulnerabilities

HP Arcsight Logger: 9 vulnerabilities

HP Icewall Federation Agent: 9 vulnerabilities

HP Oneview: 9 vulnerabilities

HP Icewall File Manager: 6 vulnerabilities

HP Icewall Sso Agent Option: 5 vulnerabilities

HP Helion Openstack: 5 vulnerabilities

HP 3par Service Provider: 5 vulnerabilities

HP Futuresmart 5: 4 vulnerabilities

HP Ilo Amplifier Pack: 4 vulnerabilities

HP Icewall Sso: 4 vulnerabilities

HP Security Manager: 4 vulnerabilities

HP Thinpro: 3 vulnerabilities

HP Futuresmart 4: 3 vulnerabilities

HP Apache Based Web Server: 3 vulnerabilities

HP Icewall Mcrp: 3 vulnerabilities

HP Aaa Server: 3 vulnerabilities

HP Service Pack For Proliant: 2 vulnerabilities

HP Vvos: 2 vulnerabilities

HP Maintenance Entity: 2 vulnerabilities

HP Blade Maintenance Entity: 2 vulnerabilities

Hpe Iot Gcp: 2 vulnerabilities

HP Xp 9000 Command View: 2 vulnerabilities

HP Server Migration Pack: 2 vulnerabilities

HP Futuresmart 3: 2 vulnerabilities

HP Linuxki: 2 vulnerabilities

HP Network Automation: 2 vulnerabilities

HP Thinpro Linux: 2 vulnerabilities

HP 0150a12a: 1 vulnerability

HP 0231a0av: 1 vulnerability

HP 0231a65t: 1 vulnerability

HP 0231a832: 1 vulnerability

HP 0231a88l: 1 vulnerability

HP 0235a08f: 1 vulnerability

HP 0235a08h: 1 vulnerability

HP 0235a08k: 1 vulnerability

HP 0235a0as: 1 vulnerability

HP 0235a0bq: 1 vulnerability

HP 0235a0bt: 1 vulnerability

HP 0235a0bu: 1 vulnerability

HP 0235a0bx: 1 vulnerability

HP 0235a0c0: 1 vulnerability

HP 0235a0c2: 1 vulnerability

HP 0235a0c4: 1 vulnerability

HP 0235a0ct: 1 vulnerability

HP 0235a0e3: 1 vulnerability

HP 0235a0g7: 1 vulnerability

HP 0235a0g8: 1 vulnerability

HP 0235a0g9: 1 vulnerability

HP 0235a0ga: 1 vulnerability

HP 0235a0ge: 1 vulnerability

HP 0235a0gf: 1 vulnerability

HP 0235a10b: 1 vulnerability

HP 0235a10c: 1 vulnerability

HP 0235a10d: 1 vulnerability

HP 0235a10e: 1 vulnerability

HP 0235a10f: 1 vulnerability

HP 0235a10g: 1 vulnerability

HP 0235a10h: 1 vulnerability

HP 0235a10j: 1 vulnerability

HP 0235a10k: 1 vulnerability

HP 0235a10l: 1 vulnerability

HP 0235a14v: 1 vulnerability

HP 0235a14w: 1 vulnerability

HP 0235a15b: 1 vulnerability

HP 0235a15c: 1 vulnerability

HP 0235a20s: 1 vulnerability

HP 0235a20v: 1 vulnerability

HP 0235a21p: 1 vulnerability

HP 0235a21q: 1 vulnerability

HP 0235a21x: 1 vulnerability

HP 0235a22c: 1 vulnerability

HP 0235a22d: 1 vulnerability

HP 0235a22k: 1 vulnerability

HP 0235a22p: 1 vulnerability

HP 0235a22r: 1 vulnerability

HP 0235a22t: 1 vulnerability

HP 0235a237: 1 vulnerability

By the Year

In 2023 there have been 9 vulnerabilities in HP with an average score of 8.0 out of ten. Last year HP had 31 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in HP in 2023 could surpass last year's number. The average CVE base score of the vulnerabilities in 2023 is also greater, by 0.29.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2023 | 9 | 7.99 |
| 2022 | 31 | 7.70 |
| 2021 | 14 | 8.07 |
| 2020 | 88 | 8.99 |
| 2019 | 154 | 8.02 |
| 2018 | 76 | 6.63 |

It may take a day or so for new HP vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent HP Security Vulnerabilities

HPE OneView for VMware vCenter

CVE-2022-37935 5.5 - Medium - March 01, 2023

HPE OneView for VMware vCenter, in certain circumstances, may disclose the HPE OneView Username and Password.

Insufficiently Protected Credentials

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23453 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23454 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Potential security vulnerabilities have been identified in HP Support Assistant

CVE-2022-23455 7.8 - High - February 01, 2023

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

HPSFViewer might allow Escalation of Privilege

CVE-2022-3990 7.8 - High - February 01, 2023

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46356 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46357 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46358 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may

CVE-2022-46359 8.8 - High - January 30, 2023

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool

CVE-2022-38395 7.8 - High - December 12, 2022

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

DLL preloading

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs)

CVE-2021-3821 9.8 - Critical - December 12, 2022

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.

A vulnerability in NetBatch-Plus software allows unauthorized access to the application

CVE-2022-37931 7.8 - High - November 22, 2022

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.

Authentication

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01

CVE-2022-28625 5.5 - Medium - August 31, 2022

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Insertion of Sensitive Information into Log File

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSPA

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Authentication

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23698 7.5 - High - April 04, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23699 7.8 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Authentication

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23700 5.5 - Medium - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

AuthZ

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23697 6.1 - Medium - April 04, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23924 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23925 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23926 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23927 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23928 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23929 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23930 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23931 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23932 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23933 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may

CVE-2022-23934 8.2 - High - March 11, 2022

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12

CVE-2021-29220 7.2 - High - February 24, 2022

Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack.

Classic Buffer Overflow

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6917 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6918 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6919 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6920 5.5 - Medium - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6921 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software.

Potential security vulnerabilities including compromise of integrity, and

CVE-2020-6922 7.8 - High - February 16, 2022

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software.

Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.

CVE-2022-23456 5.5 - Medium - January 28, 2022

Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC)

CVE-2021-29214 7.2 - High - December 10, 2021

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

CVE-2020-6931 7.8 - High - November 03, 2021

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

Certain HP LaserJet

CVE-2021-39237 4.6 - Medium - November 03, 2021

Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.

Certain HP Enterprise LaserJet

CVE-2021-39238 9.8 - Critical - November 03, 2021

Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.

Classic Buffer Overflow

HP Print and Scan Doctor

CVE-2021-3440 7.8 - High - November 01, 2021

HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80

CVE-2021-29212 9.8 - Critical - November 01, 2021

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code, leading to complete impact on the confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.

Directory traversal

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).

CVE-2021-3662 5.4 - Medium - October 29, 2021

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).

XSS

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager

CVE-2021-26586 7.5 - High - August 05, 2021

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).

A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting

CVE-2021-26584 6.1 - Medium - June 03, 2021

A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC).

XSS

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

CVE-2021-3438 7.8 - High - May 20, 2021

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

Classic Buffer Overflow

A potential security vulnerability was identified in HPE iLO Amplifier Pack

CVE-2021-26583 9.8 - Critical - May 10, 2021

A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution.

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager

CVE-2021-29203 9.8 - Critical - May 06, 2021

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.

Missing Authentication for Critical Function

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20

CVE-2021-25140 9.8 - Critical - February 09, 2021

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMware or Microsoft Hyper-V environment and is used to set up and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a directory traversal in user-supplied input to the `khuploadfile.cgi` CGI ELF. The directory traversal could lead to Remote Code Execution, Denial of Service, and/or compromise of system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.

Directory traversal

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20

CVE-2021-25139 9.8 - Critical - February 09, 2021

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMware or Microsoft Hyper-V environment and is used to set up and configure an HPE Moonshot 1500 chassis. This vulnerability could be remotely exploited by an unauthenticated user to cause a stack-based buffer overflow using user-supplied input to the `khuploadfile.cgi` CGI ELF. The stack-based buffer overflow could lead to Remote Code Execution, Denial of Service, and/or compromise of system integrity. **Note:** HPE recommends that customers discontinue the use of the HPE Moonshot Provisioning Manager. The HPE Moonshot Provisioning Manager application is discontinued, no longer supported, is not available to download from the HPE Support Center, and no patch is available.

Memory Corruption

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70

CVE-2020-7203 9.8 - Critical - December 18, 2020

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution.

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6

CVE-2020-7200 9.8 - Critical - December 18, 2020

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager

CVE-2020-7199 9.8 - Critical - December 02, 2020

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.

Authentication

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer

CVE-2020-7198 8.8 - High - November 06, 2020

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

Improper Privilege Management

SSMC3.7.0.0 is vulnerable to remote authentication bypass

CVE-2020-7197 9.8 - Critical - October 26, 2020

SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0. Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later.

Authentication

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords

CVE-2020-7196 6.5 - Medium - October 26, 2020

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Insufficiently Protected Credentials

Arbitrary code execution vulnerability affecting multiple Micro Focus products

CVE-2020-11853 8.8 - High - October 22, 2020

Arbitrary code execution vulnerability affecting multiple Micro Focus products:

1. Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions.
2. Application Performance Management affecting versions: 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3
3. Data Center Automation affected version 2019.11
4. Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11
5. Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30
6. Hybrid Cloud Management affecting version 2020.05
7. Service Management Automation affecting version 2020.5 and 2020.02.

The vulnerability could allow execution of arbitrary code.

An adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7141 9.8 - Critical - October 19, 2020

An adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7185 8.8 - High - October 19, 2020

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

An eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7142 9.8 - Critical - October 19, 2020

An eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7143 9.8 - Critical - October 19, 2020

A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7144 9.8 - Critical - October 19, 2020

A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7145 9.8 - Critical - October 19, 2020

A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7146 9.8 - Critical - October 19, 2020

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

CVE-2020-7147 9.8 - Critical - October 19, 2020

A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7148 9.8 - Critical - October 19, 2020

A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7149 9.8 - Critical - October 19, 2020

An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7150 9.8 - Critical - October 19, 2020

A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7151 9.8 - Critical - October 19, 2020

A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7152 9.8 - Critical - October 19, 2020

A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7153 9.8 - Critical - October 19, 2020

An iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7154 9.8 - Critical - October 19, 2020

An ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7155 9.8 - Critical - October 19, 2020

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7156 9.8 - Critical - October 19, 2020

A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7157 9.8 - Critical - October 19, 2020

A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7158 9.8 - Critical - October 19, 2020

A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7159 9.8 - Critical - October 19, 2020

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7160 9.8 - Critical - October 19, 2020

An iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7161 9.8 - Critical - October 19, 2020

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7162 9.8 - Critical - October 19, 2020

An operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7163 9.8 - Critical - October 19, 2020

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7164 9.8 - Critical - October 19, 2020

An operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7165 9.8 - Critical - October 19, 2020

An iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7166 9.8 - Critical - October 19, 2020

An operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7167 9.8 - Critical - October 19, 2020

A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7168 9.8 - Critical - October 19, 2020

A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7169 9.8 - Critical - October 19, 2020

An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7170 9.8 - Critical - October 19, 2020

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7171 9.8 - Critical - October 19, 2020

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Injection

CVE-2020-7193 8.8 - High - October 19, 2020

An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-24629 9.8 - Critical - October 19, 2020

A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Authentication

CVE-2020-7195 8.8 - High - October 19, 2020

An iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7194 8.8 - High - October 19, 2020

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7191 8.8 - High - October 19, 2020

A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-7190 8.8 - High - October 19, 2020

A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

EL Injection

CVE-2020-24630 8.8 - High - October 19, 2020

A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Improper Privilege Management

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).