Skip to main content

HP

651 CVEs vendor

Monthly

CVE-2019-6334 CRITICAL Act Now

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE Futuresmart 3 Futuresmart 4
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-10444 Maven MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Jenkins Information Disclosure Bumblebee Hp Alm
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-6333 MEDIUM This Month

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP RCE Touchpoint Analytics
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-5401 MEDIUM This Month

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS HP Hp2910Al 48G Firmware
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2019-4236 MEDIUM PATCH This Month

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

HP IBM Information Disclosure Spectrum Protect
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-11989 MEDIUM This Month

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service HP Red Hat Microsoft Apache +2
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2019-6329 HIGH This Week

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass HP Support Assistant
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-6328 HIGH This Week

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass HP Support Assistant
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-6327 CRITICAL Act Now

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow Laserjet Pro M280 M281 T6B80A Firmware Laserjet Pro M280 M281 T6B83A Firmware Laserjet Pro M280 M281 T6B81A Firmware +7
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-6326 HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Buffer Overflow T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
7.2
EPSS
1.7%
CVE-2019-6325 HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-6324 MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-6323 MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-6322 MEDIUM PATCH This Month

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware Z4 G4 Core X Workstation Firmware Z6 G4 Workstation Firmware +1
NVD
CVSS 3.0
6.8
EPSS
1.2%
CVE-2019-6321 HIGH PATCH This Week

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware Z4 G4 Core X Workstation Firmware Z6 G4 Workstation Firmware +1
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-6318 CRITICAL Act Now

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack HP RCE Color Laserjet Cm4540 Mfp Firmware Color Laserjet Enterprise Cp5525 Firmware +141
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-9743 HIGH This Week

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Command Injection Rad 80211 Xd Hp Bus Firmware Rad 80211 Xd Firmware
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-20129 HIGH POC This Week

An issue was discovered in DedeCMS V5.7 SP2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

HP Code Injection RCE PHP Dedecms
NVD
CVSS 3.0
8.8
EPSS
8.2%
CVE-2018-5921 HIGH This Week

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF F2A70A Firmware F2A71A Firmware F2A67A Firmware +191
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-14079 HIGH This Week

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure Smart Hp Wmt
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-14078 CRITICAL Act Now

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Hp Wmt
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-14077 HIGH This Week

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Hp Wmt
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-7100 MEDIUM This Month

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Officeconnect 1810 24G Switch Firmware Officeconnect 1810 48G Switch Firmware Officeconnect 1810 8 V2 Switch Firmware
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-5925 HIGH POC THREAT This Week

A security vulnerability has been identified with certain HP Inkjet printers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP RCE Buffer Overflow T8X44 Firmware 3Aw51A Firmware +268
NVD
CVSS 3.0
7.8
EPSS
10.9%
CVE-2018-5924 CRITICAL Act Now

A security vulnerability has been identified with certain HP Inkjet printers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Memory Corruption RCE Buffer Overflow T8X44 Firmware +269
NVD
CVSS 3.0
9.8
EPSS
12.2%
CVE-2018-6493 HIGH This Week

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Network Operations Management Ultimate Network Automation
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-6492 MEDIUM This Month

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP XSS Network Operations Management Ultimate Network Automation
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-6494 MEDIUM This Month

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Service Manager
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2018-0733 MEDIUM This Month

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP OpenSSL Information Disclosure
NVD
CVSS 3.0
5.9
EPSS
8.6%
CVE-2017-14358 MEDIUM This Month

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14357 MEDIUM This Month

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14356 CRITICAL Act Now

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-14354 MEDIUM This Month

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Ucmdb Foundation Software
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-14353 HIGH This Week

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Code Injection Ucmdb Foundation Software
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-14352 MEDIUM This Month

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Ucmdb Configuration Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14351 CRITICAL Act Now

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Ucmdb Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2015-0839 HIGH This Week

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE HP Linux Imaging And Printing
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-8360 MEDIUM POC This Month

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

HP Microsoft Information Disclosure Mictray64
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-5436 HIGH This Week

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Integrated Lights Out Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-3881 CRITICAL POC KEV THREAT Emergency

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Cisco HP RCE Apple
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2016-9795 HIGH This Week

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Ca Workload Automation Ae Client Automation Systemedge +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2246 HIGH PATCH This Week

HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

HP Privilege Escalation Thinpro
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5995 HIGH PATCH This Week

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

IBM HP Privilege Escalation Db2 Db2 Connect
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2016-4385 HIGH This Week

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization HP Java Apache Network Automation
NVD
CVSS 3.0
7.3
EPSS
3.7%
CVE-2016-1999 CRITICAL PATCH Act Now

The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache HP Java Authentication Bypass Release Control
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2016-2016 MEDIUM PATCH This Month

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Authentication Bypass Base Vxfs 50 Base Vxfs 501 Base Vxfs 51
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2245 CRITICAL Act Now

HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.5% and no vendor patch available.

HP Authentication Bypass Support Assistant
NVD
CVSS 3.0
9.8
EPSS
14.5%
CVE-2016-2244 MEDIUM This Month

HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP Information Disclosure Futuresmart Firmware
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2016-2243 HIGH This Week

Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service Authentication Bypass 700 Series Firmware 800 Series Firmware +5
NVD
CVSS 3.0
7.9
EPSS
0.0%
CVE-2016-1987 MEDIUM This Month

HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP Denial Of Service Hp Ux Ipfilter
NVD
CVSS 3.0
5.9
EPSS
2.2%
CVE-2016-1986 CRITICAL PATCH Act Now

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

HP Code Injection Java RCE Apache +1
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2015-6858 LOW Monitor

HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP Information Disclosure Insight Management
NVD
CVSS 3.0
3.7
EPSS
0.4%
CVE-2015-5447 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Storeonce Backup System Software
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5446 HIGH This Week

HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

HP RCE Storeonce Backup System Software
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-5445 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF Storeonce Backup System Software
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-5434 MEDIUM PATCH This Month

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

HP Privilege Escalation Denial Of Service Jg786A Hp Flexfabric 12500 4 Port 100Gbe Cfp Fd Jg787A Hp Flexfabric 12500 4 Port 100Gbe Cfp Fd Taa +85
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2014-5040 MEDIUM This Month

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Privilege Escalation Eucalyptus
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2015-6857 HIGH This Week

Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP RCE Loadrunner Performance Center
NVD
CVSS 2.0
7.2
EPSS
2.3%
CVE-2015-5451 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF Operations Orchestration
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-5441 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Archsight Management Center Arcsight Logger
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-6867 HIGH This Week

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Vertica
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-6030 HIGH This Week

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Arcsight Connector Appliance Arcsight Logger Arcsight Command Center +4
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-6029 MEDIUM This Month

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Logger
NVD
CVSS 2.0
5.0
EPSS
6.9%
CVE-2015-2903 MEDIUM This Month

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of. Rated medium severity (CVSS 6.9). No vendor patch available.

HP Information Disclosure Arcsight Smartconnectors
NVD
CVSS 2.0
6.9
EPSS
0.5%
CVE-2015-2902 MEDIUM This Month

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Arcsight Smartconnectors
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5448 LOW PATCH Monitor

HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

HP Information Disclosure Asset Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-7863 MEDIUM This Month

The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Radia Client Automation
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7862 MEDIUM This Month

Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Radia Client Automation
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7861 CRITICAL Act Now

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation RCE Radia Client Automation
NVD
CVSS 2.0
10.0
EPSS
10.0%
CVE-2015-7860 CRITICAL Act Now

Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP Buffer Overflow RCE Radia Client Automation
NVD
CVSS 2.0
10.0
EPSS
15.7%
CVE-2015-5444 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Smart Profile Server Data Analytics Layer
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-5443 MEDIUM This Month

HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure 3Par Service Processor Sp
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-5435 MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-5442 MEDIUM This Month

Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Software Update
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-5440 MEDIUM This Month

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Universal Configuration Management Database
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2015-2136 MEDIUM This Month

HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Logger
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-5426 MEDIUM This Month

Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Loadrunner
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2135 CRITICAL Emergency

Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.6% and no vendor patch available.

HP RCE Intelligent Provisioning
NVD
CVSS 2.0
10.0
EPSS
31.6%
CVE-2015-5368 HIGH This Week

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service HP Buffer Overflow RCE Hspa Gobi 4G +38
NVD
CVSS 2.0
7.8
EPSS
2.8%
CVE-2015-5367 MEDIUM This Month

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

HP Privilege Escalation Hspa Gobi 4G Lt4112 Lte Elite X2 1010 G2 +36
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-5433 MEDIUM This Month

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Virtual Connect Enterprise Manager Sdk
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-5432 HIGH This Week

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Virtual Connect Enterprise Manager Sdk
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-5431 MEDIUM This Month

HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-5430 MEDIUM This Month

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-5429 HIGH This Week

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-5428 HIGH This Week

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-5427 HIGH This Week

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-5405 MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Systems Insight Manager
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-5404 HIGH This Week

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-5403 MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
EPSS 4% CVSS 9.8
CRITICAL Act Now

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE Futuresmart 3 +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP RCE Touchpoint Analytics
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS HP +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

HP IBM Information Disclosure +1
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service HP Red Hat +4
NVD
EPSS 2% CVSS 7.8
HIGH This Week

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass HP Support Assistant
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass HP Support Assistant
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow Laserjet Pro M280 M281 T6B80A Firmware +9
NVD
EPSS 2% CVSS 7.2
HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Buffer Overflow T6B80A Firmware +9
NVD
EPSS 1% CVSS 8.8
HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF T6B80A Firmware +9
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware +9
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware +9
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware +3
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack HP RCE +143
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Command Injection Rad 80211 Xd Hp Bus Firmware +1
NVD
EPSS 8% CVSS 8.8
HIGH POC This Week

An issue was discovered in DedeCMS V5.7 SP2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

HP Code Injection RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF F2A70A Firmware +193
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure Smart Hp Wmt
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Hp Wmt
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Hp Wmt
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Officeconnect 1810 24G Switch Firmware +2
NVD
EPSS 11% CVSS 7.8
HIGH POC THREAT This Week

A security vulnerability has been identified with certain HP Inkjet printers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP RCE Buffer Overflow +270
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

A security vulnerability has been identified with certain HP Inkjet printers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Memory Corruption RCE +271
NVD
EPSS 2% CVSS 8.8
HIGH This Week

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Network Operations Management Ultimate +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP XSS Network Operations Management Ultimate +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Service Manager
NVD
EPSS 9% CVSS 5.9
MEDIUM This Month

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP OpenSSL Information Disclosure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Arcsight Enterprise Security Manager +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Arcsight Enterprise Security Manager +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Arcsight Enterprise Security Manager +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Ucmdb Foundation Software
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Code Injection +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Ucmdb Configuration Manager
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Ucmdb Configuration Manager
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE HP Linux Imaging And Printing
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

HP Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Integrated Lights Out Firmware
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Cisco HP RCE +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Ca Workload Automation Ae +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

HP Privilege Escalation Thinpro
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

IBM HP Privilege Escalation +2
NVD
EPSS 4% CVSS 7.3
HIGH This Week

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization HP Java +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache HP Java +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

HP Authentication Bypass Base Vxfs 50 +2
NVD
EPSS 14% CVSS 9.8
CRITICAL Act Now

HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.5% and no vendor patch available.

HP Authentication Bypass Support Assistant
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP Information Disclosure Futuresmart Firmware
NVD
EPSS 0% CVSS 7.9
HIGH This Week

Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service Authentication Bypass +7
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP Denial Of Service Hp Ux Ipfilter
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

HP Code Injection Java +3
NVD
EPSS 0% CVSS 3.7
LOW Monitor

HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

HP Information Disclosure Insight Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP Storeonce Backup System Software
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

HP RCE Storeonce Backup System Software
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF Storeonce Backup System Software
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

HP Privilege Escalation Denial Of Service +87
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Privilege Escalation Eucalyptus
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP RCE Loadrunner +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF Operations Orchestration
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Archsight Management Center +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Vertica
NVD
EPSS 0% CVSS 7.2
HIGH This Week

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Privilege Escalation Arcsight Connector Appliance +6
NVD
EPSS 7% CVSS 5.0
MEDIUM This Month

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Logger
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of. Rated medium severity (CVSS 6.9). No vendor patch available.

HP Information Disclosure Arcsight Smartconnectors
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Arcsight Smartconnectors
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

HP Information Disclosure Asset Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Radia Client Automation
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Radia Client Automation
NVD
EPSS 10% CVSS 10.0
CRITICAL Act Now

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation RCE +1
NVD
EPSS 16% CVSS 10.0
CRITICAL Act Now

Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

HP Buffer Overflow RCE +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Smart Profile Server Data Analytics Layer
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure 3Par Service Processor Sp
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 3 Firmware +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Software Update
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Universal Configuration Management Database
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Logger
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Loadrunner
NVD
EPSS 32% CVSS 10.0
CRITICAL Emergency

Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.6% and no vendor patch available.

HP RCE Intelligent Provisioning
NVD
EPSS 3% CVSS 7.8
HIGH This Week

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service HP Buffer Overflow +40
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

HP Privilege Escalation Hspa Gobi 4G +38
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Virtual Connect Enterprise Manager Sdk
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Virtual Connect Enterprise Manager Sdk
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
EPSS 1% CVSS 7.5
HIGH This Week

HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Matrix Operating Environment
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Systems Insight Manager
NVD
EPSS 2% CVSS 7.5
HIGH This Week

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Systems Insight Manager
NVD
Prev Page 3 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy