Hpe

Products by Hpe Sorted by Most Security Vulnerabilities since 2018

Hpe Oneview Global Dashboard: 6 vulnerabilities

Hpe Smart Update Manager: 3 vulnerabilities

Hpe Serviceguard For Linux: 3 vulnerabilities

Hpe Hpux Ntp: 2 vulnerabilities

Hpe Nimbleos: 2 vulnerabilities

Hpe Oneview: 1 vulnerability

Hpe 3par Service Provider: 1 vulnerability

Hpe Network Orchestrator: 1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Hpe. Last year Hpe had 8 security vulnerabilities published. Right now, Hpe is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 8 7.94
2022 7 6.94
2021 4 6.15
2020 2 8.35
2019 3 7.63
2018 4 6.53

It may take a day or so for new Hpe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Hpe Security Vulnerabilities

A remote code execution issue exists in HPE OneView.

CVE-2023-30912 9.8 - Critical - October 25, 2023

The vulnerability could be locally exploited to

CVE-2023-30906 7.8 - High - July 18, 2023

The vulnerability could be locally exploited to allow escalation of privilege.

A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.

CVE-2023-30904 5.5 - Medium - June 16, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

CVE-2023-28084 5.5 - Medium - April 25, 2023

Insufficiently Protected Credentials

An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials

CVE-2023-28085 5.5 - Medium - April 14, 2023

Pre-auth memory corruption in HPE Serviceguard

CVE-2022-37937 9.8 - Critical - March 01, 2023

Memory Corruption

Unauthenticated server side request forgery in HPE Serviceguard Manager

CVE-2022-37938 9.8 - Critical - March 01, 2023

XSPA

Unauthenticated Java deserialization vulnerability in Serviceguard Manager

CVE-2022-37936 9.8 - Critical - March 01, 2023

Marshaling, Unmarshaling

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).

CVE-2022-37927 6.1 - Medium - December 12, 2022

Open Redirect

A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP

CVE-2022-28621 7.5 - High - June 28, 2022

A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM.

A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager

CVE-2022-28619 7.8 - High - June 24, 2022

A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0.

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially

CVE-2022-23705 7.5 - High - May 09, 2022

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays

CVE-2022-23703 7.5 - High - April 12, 2022

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100

A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5

CVE-2021-29216 6.1 - Medium - February 24, 2022

A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.

XSS

A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5

CVE-2021-29217 6.1 - Medium - February 24, 2022

A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.

Open Redirect

A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31

CVE-2021-26585 5.5 - Medium - June 24, 2021

A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.

A potential security vulnerability has been identified in HPE iLO Amplifier Pack

CVE-2021-26580 6.1 - Medium - April 01, 2021

A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.95 or later.

XSS

A security vulnerability in HPE Unified Data Management (UDM) could

CVE-2021-26579 5.5 - Medium - March 30, 2021

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.

Use of Hard-coded Credentials

A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5

CVE-2021-26578 7.5 - High - March 22, 2021

A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.

SQL Injection

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access

CVE-2020-7136 9.8 - Critical - April 30, 2020

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting

CVE-2019-11999 6.9 - Medium - April 16, 2020

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP.
* For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806
* For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.

XSS

A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.

CVE-2019-11988 9.8 - Critical - June 05, 2019

A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could

CVE-2019-11987 7.8 - High - June 05, 2019

A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free

CVE-2019-7317 5.3 - Medium - February 04, 2019

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Dangling pointer

HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability

CVE-2018-7108 5.9 - Medium - September 27, 2018

HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.

Authentication

A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1

CVE-2018-7107 8.8 - High - September 27, 2018

A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.

SQL Injection

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA)

CVE-2018-7094 5.5 - Medium - August 14, 2018

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9

CVE-2016-9042 5.9 - Medium - June 04, 2018

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

Improper Input Validation

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94

CVE-2017-6458 8.8 - High - March 27, 2017

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

Buffer Overflow

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).