Skip to main content

HP

651 CVEs vendor

Monthly

CVE-2014-2630 MEDIUM POC THREAT This Month

Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.4). Public exploit code available and EPSS exploitation probability 12.2%.

HP Information Disclosure Operations Agent
NVD Exploit-DB
CVSS 2.0
4.4
EPSS
12.2%
CVE-2014-2631 MEDIUM This Month

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Application Lifecycle Management
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2628 MEDIUM This Month

Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Enterprise Maps
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-5160 MEDIUM This Month

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

Path Traversal HP Data Protector
NVD
CVSS 2.0
6.4
EPSS
30.0%
CVE-2014-2627 MEDIUM This Month

Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Nonstop Netbatch
NVD
CVSS 2.0
5.2
EPSS
0.2%
CVE-2013-4840 HIGH This Week

Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Secbladefw Secpath1000Fe F1000 E Vpn Firewall +12
NVD
CVSS 2.0
7.8
EPSS
1.4%
CVE-2014-2626 CRITICAL Emergency

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 40.4% and no vendor patch available.

Path Traversal HP RCE Network Virtualization
NVD
CVSS 2.0
9.4
EPSS
40.4%
CVE-2014-2625 HIGH This Week

Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Network Virtualization
NVD
CVSS 2.0
8.5
EPSS
8.7%
CVE-2014-2623 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 89.8%.

HP RCE Storage Data Protector
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
89.8%
Threat
6.2
CVE-2014-2622 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
8.5
EPSS
0.3%
CVE-2014-2621 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-2620 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-2619 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-2618 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-2606 CRITICAL Act Now

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Storage Management Software Storevirtual 4130 Storevirtual 4330 +7
NVD
CVSS 2.0
9.0
EPSS
0.3%
CVE-2014-2605 MEDIUM This Month

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Storage Management Software Storevirtual Vsa Storevirtual 4130 +7
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-2617 CRITICAL Emergency

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.2% and no vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
10.0
EPSS
41.2%
CVE-2014-2616 HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2014-2615 HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2014-2614 HIGH This Week

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Sitescope
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-4669 LOW POC Monitor

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

HP XXE Information Disclosure Enterprise Maps
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-2613 CRITICAL Act Now

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Microsoft Release Control
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2014-2612 MEDIUM POC This Month

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

HP Information Disclosure Microsoft Release Control
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
9.1%
CVE-2014-2611 CRITICAL Act Now

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP RCE Executive Scorecard
NVD
CVSS 2.0
9.0
EPSS
2.4%
CVE-2014-2610 HIGH This Week

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal HP RCE Executive Scorecard
NVD
CVSS 2.0
7.1
EPSS
1.8%
CVE-2014-2609 CRITICAL Act Now

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.0% and no vendor patch available.

HP RCE Java Authentication Bypass Executive Scorecard
NVD
CVSS 2.0
10.0
EPSS
25.0%
CVE-2013-6221 CRITICAL POC THREAT Emergency

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.1%.

Path Traversal HP RCE Service Virtualization
NVD Exploit-DB GitHub
CVSS 2.0
10.0
EPSS
84.1%
Threat
6.0
CVE-2014-2607 HIGH This Week

Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

HP RCE Operations Manager I
NVD
CVSS 2.0
8.5
EPSS
0.5%
CVE-2014-2604 MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Icewall Mcrp Icewall Sso
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-2603 LOW Monitor

Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Hp H Series Fibre Channel Switch Firmware 8 20Q Fibre Channel Switch 16 Port 8 20Q Fibre Channel Switch 8 Port +4
NVD
CVSS 2.0
1.7
EPSS
0.3%
CVE-2013-6220 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Network Node Manager I
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-2602 MEDIUM This Month

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Oneview
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-2601 HIGH PATCH This Week

The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

HP Denial Of Service Integrated Lights Out 2 Firmware
NVD VulDB
CVSS 2.0
7.8
EPSS
3.5%
CVE-2013-6219 LOW Monitor

Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. Rated low severity (CVSS 3.8). No vendor patch available.

HP Authentication Bypass Hp Ux Whitelisting
NVD VulDB
CVSS 2.0
3.8
EPSS
0.0%
CVE-2013-6218 CRITICAL Emergency

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.6% and no vendor patch available.

HP RCE Network Node Manager I
NVD VulDB
CVSS 2.0
10.0
EPSS
31.6%
CVE-2013-6215 HIGH This Week

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD VulDB
CVSS 2.0
8.5
EPSS
0.5%
CVE-2013-6212 MEDIUM This Month

Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Database And Middleware Automation
NVD VulDB
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-6214 MEDIUM This Month

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Universal Configuration Management Database
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-6213 CRITICAL Act Now

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

HP RCE Loadrunner
NVD VulDB
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-6216 LOW Monitor

Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Array Configuration Utility Array Diagnostics Utility Proliant Array Diagnostics +1
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-2600 MEDIUM This Month

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Apache Icewall Identity Manager Icewall Sso Password Reset Option
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-6211 HIGH This Week

Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Denial Of Service Storeonce 2610 Iscsi Backup System Storeonce 2620 Iscsi Backup System Storeonce 4210 Fc Backup System +5
NVD VulDB
CVSS 2.0
7.8
EPSS
0.5%
CVE-2013-6210 HIGH This Week

Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Unified Functional Testing
NVD VulDB
CVSS 2.0
7.5
EPSS
5.0%
CVE-2013-6208 HIGH This Week

Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Smart Update Manager
NVD VulDB
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-6209 MEDIUM This Month

Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Denial Of Service Hp Ux
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6206 CRITICAL Act Now

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows remote attackers to obtain sensitive information, modify data, or cause a denial of service. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Insight Control Server Deployment Rapid Deployment Pack
NVD VulDB
CVSS 2.0
9.0
EPSS
1.6%
CVE-2013-6205 MEDIUM This Month

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via. Rated medium severity (CVSS 4.1). No vendor patch available.

HP Denial Of Service Insight Control Server Deployment Rapid Deployment Pack
NVD VulDB
CVSS 2.0
4.1
EPSS
0.0%
CVE-2013-6188 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF System Management Homepage
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4846 MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure System Management Homepage
NVD VulDB
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-6207 CRITICAL Act Now

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Sitescope
NVD VulDB
CVSS 2.0
9.4
EPSS
2.5%
CVE-2013-6200 MEDIUM This Month

Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Hp Ux
NVD VulDB
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-6201 HIGH This Week

Unspecified vulnerability in HP Security Management System 3.3.0, 3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Security Management System
NVD VulDB
CVSS 2.0
7.5
EPSS
5.5%
CVE-2013-6204 HIGH This Week

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Information Optimizer
NVD
CVSS 2.0
7.5
EPSS
4.6%
CVE-2013-6203 HIGH This Week

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Information Optimizer
NVD
CVSS 2.0
7.5
EPSS
4.6%
CVE-2013-4841 CRITICAL Act Now

Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.4% and no vendor patch available.

HP RCE Lefthand Storevirtual Virtual Storage Appliance Storevirtual 4000
NVD
CVSS 2.0
10.0
EPSS
28.4%
CVE-2013-6202 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF XSS HP RCE Service Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-6108 LOW Monitor

HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Linux Imaging And Printing Project
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-6402 LOW Monitor

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure HP Linux Imaging And Printing Project
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-6195 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-6194 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.3%.

Denial Of Service HP RCE Storage Data Protector
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
77.3%
Threat
5.8
CVE-2013-2350 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-2349 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-2348 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-2347 CRITICAL POC THREAT Emergency

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.8%.

Denial Of Service HP Storage Data Protector
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
76.8%
Threat
5.8
CVE-2013-2346 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-2345 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-2344 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-6198 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Microsoft XSS Service Manager Service Manager Web Client +1
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6197 MEDIUM This Month

Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

HP Microsoft RCE Service Manager Service Manager Web Client +1
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-6189 CRITICAL Emergency

Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 53.7% and no vendor patch available.

HP RCE Application Information Optimizer
NVD
CVSS 2.0
10.0
EPSS
53.7%
CVE-2013-6196 LOW Monitor

Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Autonomy Ultraseek
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-6193 MEDIUM This Month

Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Color Laserjet Cm1312Nfi Multifunction Printer Color Laserjet Cm2320N Multifunction Printer Color Laserjet Cp1515 +22
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-6192 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF HP Operations Orchestration
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6191 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Operations Orchestration
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4845 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Officejet Pro 8500 Firmware Officejet Pro 8500
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6810 CRITICAL POC THREAT Emergency

The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.8%.

Code Injection HP RCE Connectrix Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
64.8%
Threat
5.4
CVE-2013-6427 MEDIUM POC This Month

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection HP RCE Linux Imaging And Printing Project
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-6000 MEDIUM This Month

Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Path Traversal Tattyan Hptown
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-4844 HIGH PATCH This Week

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

HP RCE Service Manager Service Center
NVD
CVSS 2.0
7.5
EPSS
6.4%
CVE-2013-6852 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF HP 2620 24 Poe Switch
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4843 MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Integrated Lights Out Firmware Integrated Lights Out 4
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4842 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Integrated Lights Out Firmware Integrated Lights Out 4
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4716 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Tattyan Hptown
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4839 HIGH This Week

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Loadrunner
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2013-4838 CRITICAL Act Now

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
10.0
EPSS
27.7%
CVE-2013-4837 CRITICAL POC THREAT Emergency

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

HP RCE Loadrunner
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
75.6%
Threat
5.8
CVE-2013-4836 HIGH This Week

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Alm Synchronizer
NVD
CVSS 2.0
7.5
EPSS
5.5%
CVE-2013-4835 HIGH POC THREAT Act Now

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.0%.

HP RCE Sitescope
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.0%
Threat
5.3
CVE-2013-4834 HIGH This Week

Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Lifecycle Management
NVD
CVSS 2.0
7.5
EPSS
5.5%
CVE-2013-4833 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Service Manager
NVD
CVSS 2.0
4.3
EPSS
0.6%
EPSS 12% CVSS 4.4
MEDIUM POC THREAT This Month

Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.4). Public exploit code available and EPSS exploitation probability 12.2%.

HP Information Disclosure Operations Agent
NVD Exploit-DB
EPSS 0% CVSS 4.6
MEDIUM This Month

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Application Lifecycle Management
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Enterprise Maps
NVD
EPSS 30% CVSS 6.4
MEDIUM This Month

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

Path Traversal HP Data Protector
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Nonstop Netbatch
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Secbladefw +14
NVD
EPSS 40% CVSS 9.4
CRITICAL Emergency

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 40.4% and no vendor patch available.

Path Traversal HP RCE +1
NVD
EPSS 9% CVSS 8.5
HIGH This Week

Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Network Virtualization
NVD
EPSS 90% 6.2 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 89.8%.

HP RCE Storage Data Protector
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module +1
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Storage Management Software +9
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Storage Management Software +9
NVD
EPSS 41% CVSS 10.0
CRITICAL Emergency

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.2% and no vendor patch available.

HP RCE Universal Configuration Management Database
NVD
EPSS 8% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
EPSS 8% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Sitescope
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

HP XXE Information Disclosure +1
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Microsoft +1
NVD
EPSS 9% CVSS 4.0
MEDIUM POC This Month

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

HP Information Disclosure Microsoft +1
NVD Exploit-DB
EPSS 2% CVSS 9.0
CRITICAL Act Now

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP RCE +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal HP RCE +1
NVD
EPSS 25% CVSS 10.0
CRITICAL Act Now

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.0% and no vendor patch available.

HP RCE Java +2
NVD
EPSS 84% 6.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.1%.

Path Traversal HP RCE +1
NVD Exploit-DB GitHub
EPSS 1% CVSS 8.5
HIGH This Week

Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

HP RCE Operations Manager I
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Icewall Mcrp +1
NVD
EPSS 0% CVSS 1.7
LOW Monitor

Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Hp H Series Fibre Channel Switch Firmware +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Network Node Manager I
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Oneview
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

HP Denial Of Service Integrated Lights Out 2 Firmware
NVD VulDB
EPSS 0% CVSS 3.8
LOW Monitor

Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. Rated low severity (CVSS 3.8). No vendor patch available.

HP Authentication Bypass Hp Ux Whitelisting
NVD VulDB
EPSS 32% CVSS 10.0
CRITICAL Emergency

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.6% and no vendor patch available.

HP RCE Network Node Manager I
NVD VulDB
EPSS 1% CVSS 8.5
HIGH This Week

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Database And Middleware Automation
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Universal Configuration Management Database
NVD VulDB
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

HP RCE Loadrunner
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Array Configuration Utility +3
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Apache +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Denial Of Service Storeonce 2610 Iscsi Backup System +7
NVD VulDB
EPSS 5% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Unified Functional Testing
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Smart Update Manager
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Denial Of Service Hp Ux
NVD VulDB
EPSS 2% CVSS 9.0
CRITICAL Act Now

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows remote attackers to obtain sensitive information, modify data, or cause a denial of service. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Insight Control Server Deployment +1
NVD VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via. Rated medium severity (CVSS 4.1). No vendor patch available.

HP Denial Of Service Insight Control Server Deployment +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF System Management Homepage
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure System Management Homepage
NVD VulDB
EPSS 2% CVSS 9.4
CRITICAL Act Now

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Sitescope
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Hp Ux
NVD VulDB
EPSS 6% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Security Management System 3.3.0, 3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Security Management System
NVD VulDB
EPSS 5% CVSS 7.5
HIGH This Week

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Information Optimizer
NVD
EPSS 5% CVSS 7.5
HIGH This Week

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Information Optimizer
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.4% and no vendor patch available.

HP RCE Lefthand +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF XSS HP +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Linux Imaging And Printing Project
NVD
EPSS 0% CVSS 2.1
LOW Monitor

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure HP Linux Imaging And Printing Project
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 77% 5.8 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.3%.

Denial Of Service HP RCE +1
NVD Exploit-DB
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 77% 5.8 CVSS 10.0
CRITICAL POC THREAT Emergency

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.8%.

Denial Of Service HP Storage Data Protector
NVD Exploit-DB
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

Denial Of Service HP RCE +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Microsoft XSS +3
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

HP Microsoft RCE +3
NVD
EPSS 54% CVSS 10.0
CRITICAL Emergency

Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 53.7% and no vendor patch available.

HP RCE Application Information Optimizer
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Autonomy Ultraseek
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Color Laserjet Cm1312Nfi Multifunction Printer +24
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF HP Operations Orchestration
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Operations Orchestration
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Officejet Pro 8500 Firmware +1
NVD
EPSS 65% 5.4 CVSS 10.0
CRITICAL POC THREAT Emergency

The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.8%.

Code Injection HP RCE +1
NVD Exploit-DB
EPSS 1% CVSS 6.8
MEDIUM POC This Month

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection HP RCE +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Path Traversal Tattyan Hptown
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

HP RCE Service Manager +1
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF HP 2620 24 Poe Switch
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Integrated Lights Out Firmware +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Integrated Lights Out Firmware +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Tattyan Hptown
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Loadrunner
NVD
EPSS 28% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.7% and no vendor patch available.

HP RCE Loadrunner
NVD
EPSS 76% 5.8 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

HP RCE Loadrunner
NVD Exploit-DB
EPSS 6% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Alm Synchronizer
NVD
EPSS 78% 5.3 CVSS 7.5
HIGH POC THREAT Act Now

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.0%.

HP RCE Sitescope
NVD Exploit-DB
EPSS 6% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Lifecycle Management
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Service Manager
NVD
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy