Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| proxim | orinoco_rg-1000_firmware | - |
| proxim | orinoco_rg-1100_firmware | - |
| hpe | compaq_wl310_firmware | - |
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| stormshield | stormshield_management_center | * |
| f5 | big-ip_domain_name_system | 17.5.0 |
| stormshield | stormshield_network_security | * |
| f5 | big-ip_application_acceleration_manager | * |
| f5 | big-ip_service_proxy | 1.6.0 |
| f5 | traffix_signaling_delivery_controller | 5.1.0 |
| f5 | big-ip_access_policy_manager | * |
| f5 | big-ip_policy_enforcement_manager | 17.5.0 |
| f5 | big-ip_global_traffic_manager | 17.5.0 |
| f5 | big-ip_link_controller | 17.5.0 |
| f5 | big-ip_fraud_protection_service | 17.5.0 |
| f5 | big-ip_analytics | 17.5.0 |
| balasys | dheater | - |
| f5 | big-ip_ssl_orchestrator | * |
| f5 | f5os-c | 1.5.0 |
| f5 | f5os-c | 1.5.1 |
| f5 | big-ip_advanced_firewall_manager | 17.5.0 |
| f5 | big-ip_edge_gateway | * |
| f5 | big-iq_centralized_management | * |
| f5 | f5os-a | 1.3.0 |
| f5 | f5os-c | 1.8.1 |
| f5 | f5os-a | * |
| suse | linux_enterprise_server | 11 |
| f5 | big-ip_advanced_firewall_manager | * |
| f5 | big-ip_application_security_manager | * |
| f5 | big-ip_fraud_protection_service | * |
| f5 | big-ip_policy_enforcement_manager | * |
| f5 | big-ip_application_acceleration_manager | 17.5.0 |
| f5 | f5os-c | 1.8.0 |
| f5 | big-ip_domain_name_system | * |
| f5 | big-ip_analytics | * |
| f5 | big-ip_advanced_web_application_firewall | * |
| f5 | traffix_signaling_delivery_controller | 5.2.0 |
| f5 | big-ip_ddos_hybrid_defender | 17.5.0 |
| f5 | big-ip_edge_gateway | 17.5.0 |
| siemens | scalance_w1750d_firmware | * |
| f5 | big-ip_local_traffic_manager | 17.5.0 |
| suse | linux_enterprise_server | 15 |
| f5 | big-ip_advanced_web_application_firewall | 17.5.0 |
| f5 | f5os-a | 1.3.1 |
| f5 | big-ip_webaccelerator | * |
| f5 | f5os-c | * |
| f5 | big-ip_websafe | * |
| f5 | traffix_sdc | 5.2.0 |
| f5 | big-ip_carrier-grade_nat | * |
| f5 | f5os-a | 1.8.0 |
| hpe | arubaos-cx | * |
| f5 | big-ip_ddos_hybrid_defender | * |
| f5 | big-ip_carrier-grade_nat | 17.5.0 |
| f5 | big-ip_webaccelerator | 17.5.0 |
| f5 | big-ip_application_visibility_and_reporting | 17.5.0 |
| f5 | big-ip_global_traffic_manager | * |
| f5 | big-iq_centralized_management | 7.1.0 |
| f5 | big-ip_websafe | 17.5.0 |
| suse | linux_enterprise_server | 12 |
| f5 | big-ip_link_controller | * |
| f5 | traffix_sdc | 5.1.0 |
| f5 | big-ip_application_security_manager | 17.5.0 |
| f5 | big-ip_local_traffic_manager | * |
| f5 | big-ip_application_visibility_and_reporting | * |
| f5 | big-ip_ssl_orchestrator | 17.5.0 |
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | smart_update_manager | * |
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | project_and_portfolio_management_center | 9.21 |
| hpe | project_and_portfolio_management_center | 9.22 |
| hpe | project_and_portfolio_management_center | 9.30 |
| hpe | project_and_portfolio_management_center | 9.32 |
| hpe | project_and_portfolio_management_center | 9.20 |
| hpe | project_and_portfolio_management_center | 9.31 |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.7 |
| ntp | ntp | 4.2.8 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
| hpe | hpux-ntp | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| ntp | ntp | * |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| ntp | ntp | 4.2.5 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntp | ntp | 4.2.8 |
| hpe | hpux-ntp | * |
| ntp | ntp | 4.2.7 |
| ntp | ntp | * |
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntp | ntp | 4.2.8 |
| freebsd | freebsd | 11.0 |
| hpe | hpux-ntp | * |
| siemens | simatic_net_cp_443-1_opc_ua_firmware | * |
| freebsd | freebsd | 10.0 |
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intel | active_management_technology_firmware | 11.0 |
| siemens | sinumerik_pcu50.5-p_firmware | * |
| siemens | simatic_ipc647c_firmware | * |
| siemens | simatic_ipc677d_firmware | * |
| intel | active_management_technology_firmware | 9.1 |
| intel | active_management_technology_firmware | 10.0 |
| siemens | simatic_pcs_7_ipc547e_firmware | * |
| siemens | simatic_pcs_7_ipc427e_firmware | * |
| siemens | simatic_itp1000_firmware | * |
| siemens | simatic_ipc677c_firmware | * |
| siemens | simatic_pcs_7_ipc627c_firmware | * |
| intel | active_management_technology_firmware | 11.5 |
| siemens | simatic_ipc427e_firmware | * |
| hpe | proliant_ml10_gen9_server_firmware | 5.0 |
| siemens | simatic_ipc847d_firmware | * |
| siemens | simatic_field_pg_m5_firmware | * |
| siemens | simatic_ipc547g_firmware | * |
| intel | active_management_technology_firmware | 6.2 |
| siemens | simatic_pcs_7_ipc647d_firmware | * |
| siemens | simatic_ipc477e_firmware | * |
| siemens | simatic_pcs_7_ipc647c_firmware | * |
| siemens | simatic_ipc847c_firmware | * |
| siemens | simatic_ipc627d_firmware | * |
| siemens | simatic_ipc477d_firmware | - |
| siemens | simatic_ipc547e_firmware | * |
| intel | active_management_technology_firmware | 9.0 |
| siemens | simatic_pcs_7_ipc847c_firmware | * |
| siemens | simatic_field_pg_m4_firmware | * |
| intel | active_management_technology_firmware | 8.0 |
| siemens | simatic_pcs_7_ipc677c_firmware | * |
| siemens | simatic_ipc647d_firmware | * |
| intel | active_management_technology_firmware | 7.1 |
| siemens | simatic_pcs_7_ipc477d_firmware | - |
| siemens | simatic_pcs_7_ipc847d_firmware | * |
| siemens | simotion_p320-4_s_firmware | * |
| siemens | simatic_pcs_7_ipc547g_firmware | * |
| siemens | simatic_ipc627c_firmware | * |
| siemens | simatic_field_pg_m3_firmware | * |
| intel | active_management_technology_firmware | 8.1 |
| siemens | simatic_ipc427d_firmware | - |
| siemens | simatic_ipc827c_firmware | * |
| intel | active_management_technology_firmware | 7.0 |
| siemens | simatic_pcs_7_ipc547d_firmware | * |
| siemens | simatic_ipc547d_firmware | * |
| siemens | simatic_ipc827d_firmware | * |
| intel | active_management_technology_firmware | 6.0 |
| intel | active_management_technology_firmware | 11.6 |
| intel | active_management_technology_firmware | 9.5 |
| intel | active_management_technology_firmware | 6.1 |
| siemens | simatic_pcs_7_ipc427e_firmware | - |
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntp | ntp | 4.2.8 |
| hpe | hpux-ntp | * |
| siemens | simatic_net_cp_443-1_opc_ua_firmware | * |
| apple | mac_os_x | * |
| ntp | ntp | * |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | 3par_service_provider | * |
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | device_entitlement_gateway | 3.3 |
| hpe | device_entitlement_gateway | 3.3.1 |
| hpe | device_entitlement_gateway | 3.2.4 |
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storageworks_xp7_automation_director | * |
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | service_governance_framework | 4.2 |
| hpe | service_governance_framework | 4.3 |
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.6 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntp | ntp | 4.2.8 |
| hpe | hpux-ntp | * |
| synology | virtual_diskstation_manager | * |
| netapp | solidfire | - |
| netapp | hci | - |
| synology | vs960hd_firmware | * |
| synology | skynas | * |
| synology | diskstation_manager | * |
| synology | router_manager | * |
| ntp | ntp | * |
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| ntp | ntp | 4.2.8 |
| hpe | hpux-ntp | * |
| netapp | solidfire | - |
| netapp | hci | - |
| synology | skynas | * |
| oracle | fujitsu_m12-2_firmware | * |
| canonical | ubuntu_linux | 16.04 |
| oracle | fujitsu_m10-4s_firmware | * |
| synology | router_manager | * |
| ntp | ntp | * |
| oracle | fujitsu_m10-4_firmware | * |
| oracle | fujitsu_m12-2s_firmware | * |
| oracle | fujitsu_m10-1_firmware | * |
| synology | virtual_diskstation_manager | * |
| canonical | ubuntu_linux | 12.04 |
| synology | vs960hd_firmware | * |
| synology | diskstation_manager | * |
| oracle | fujitsu_m12-1_firmware | * |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 17.10 |
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | proliant_dl120_gen10_server_firmware | * |
| intel | xeon_silver_4110_firmware | - |
| intel | xeon_gold_6240y_firmware | - |
| intel | xeon_silver_4216_firmware | - |
| intel | xeon_e5-2630l_v4_firmware | - |
| intel | xeon_d-1523n_firmware | - |
| intel | xeon_d-1637_firmware | - |
| intel | xeon_platinum_8284_firmware | - |
| intel | xeon_gold_6238_firmware | - |
| intel | xeon_gold_6136_firmware | - |
| intel | xeon_silver_4109t_firmware | - |
| intel | xeon_d-1513n_firmware | - |
| intel | xeon_d-2143it_firmware | - |
| intel | xeon_e5-2687w_v4_firmware | - |
| intel | atom_c2730_firmware | - |
| intel | xeon_gold_6130t_firmware | - |
| hpe | proliant_xl230k_gen10_server_firmware | * |
| hpe | apollo_4200_gen10_server_firmware | * |
| intel | xeon_e5-2698_v4_firmware | - |
| intel | xeon_e5-2648l_v4_firmware | - |
| intel | xeon_d-1557_firmware | - |
| intel | xeon_platinum_8276_firmware | - |
| intel | xeon_gold_6244_firmware | - |
| intel | xeon_e5-4660_v4_firmware | - |
| intel | atom_c2518_firmware | - |
| hpe | proliant_dl120_gen9_server_firmware | * |
| intel | xeon_d-2166nt_firmware | - |
| intel | xeon_d-1533n_firmware | - |
| intel | xeon_e7-8867_v4_firmware | - |
| intel | atom_c2750_firmware | - |
| intel | xeon_gold_6254_firmware | - |
| intel | xeon_gold_6138f_firmware | - |
| intel | xeon_e5-4650_v4_firmware | - |
| intel | xeon_silver_4214y_firmware | - |
| intel | atom_c2550_firmware | - |
| hpe | synergy_680_gen9_compute_module_firmware | * |
| intel | xeon_d-1649n_firmware | - |
| intel | xeon_gold_5220s_firmware | - |
| intel | xeon_gold_5218_firmware | - |
| hpe | proliant_bl660c_gen9_server_firmware | * |
| intel | atom_c3336_firmware | - |
| intel | xeon_e7-4820_v4_firmware | - |
| intel | xeon_d-1540_firmware | - |
| intel | xeon_gold_6128_firmware | - |
| intel | xeon_gold_5215l_firmware | - |
| hpe | proliant_ml350_gen9_server_firmware | * |
| intel | xeon_d-1539_firmware | - |
| intel | xeon_d-1559_firmware | - |
| intel | xeon_silver_4208_firmware | - |
| intel | xeon_e5-2697a_v4_firmware | - |
| intel | xeon_e5-2637_v4_firmware | - |
| intel | xeon_silver_4214_firmware | - |
| intel | xeon_gold_5115_firmware | - |
| intel | xeon_gold_6138_firmware | - |
| intel | xeon_silver_4215_firmware | - |
| intel | xeon_d-1543n_firmware | - |
| intel | xeon_gold_6240l_firmware | - |
| intel | xeon_e5-2683_v4_firmware | - |
| intel | xeon_platinum_8280_firmware | - |
| intel | xeon_d-1548_firmware | - |
| intel | xeon_platinum_8180_firmware | - |
| hpe | proliant_dl160_gen10_server_firmware | * |
| intel | xeon_silver_4116_firmware | - |
| intel | atom_c3830_firmware | - |
| intel | xeon_gold_6230_firmware | - |
| intel | xeon_silver_4209t_firmware | - |
| intel | xeon_bronze_3106_firmware | - |
| intel | atom_c2758_firmware | - |
| intel | xeon_d-1571_firmware | - |
| intel | xeon_gold_6130f_firmware | - |
| hpe | proliant_dl160_gen9_server_firmware | * |
| intel | xeon_e5-2609_v4_firmware | - |
| intel | atom_c3808_firmware | - |
| intel | xeon_d-1553n_firmware | - |
| intel | xeon_bronze_3104_firmware | - |
| intel | xeon_gold_6226_firmware | - |
| intel | xeon_e7-4850_v4_firmware | - |
| intel | xeon_platinum_9242_firmware | - |
| intel | xeon_gold_6222v_firmware | - |
| hpe | proliant_xl170r_gen9_server_firmware | * |
| intel | atom_c2530_firmware | - |
| intel | xeon_gold_5118_firmware | - |
| hpe | proliant_dl80_gen9_server_firmware | * |
| intel | xeon_gold_6126f_firmware | - |
| hpe | synergy_660_gen10_compute_module_firmware | * |
| hpe | synergy_620_gen9_compute_module_firmware | * |
| intel | xeon_platinum_8160f_firmware | - |
| intel | xeon_e7-4809_v4_firmware | - |
| intel | atom_c3958_firmware | - |
| intel | xeon_gold_5215m_firmware | - |
| intel | xeon_e7-8890_v4_firmware | - |
| intel | xeon_gold_5120_firmware | - |
| intel | xeon_gold_6148_firmware | - |
| hpe | proliant_xl450_gen9_server_firmware | * |
| intel | xeon_d-1541_firmware | - |
| intel | xeon_gold_6240m_firmware | - |
| intel | atom_c3950_firmware | - |
| intel | atom_c2308_firmware | - |
| hpe | proliant_ml150_gen9_server_firmware | * |
| intel | xeon_d-1528_firmware | - |
| hpe | synergy_480_gen10_compute_module_firmware | * |
| intel | xeon_d-1518_firmware | - |
| intel | xeon_e5-1650_v4_firmware | - |
| intel | xeon_e5-2695_v4_firmware | - |
| intel | xeon_gold_5120t_firmware | - |
| intel | xeon_gold_5215_firmware | - |
| intel | xeon_platinum_8268_firmware | - |
| intel | atom_c3708_firmware | - |
| intel | xeon_e5-2603_v4_firmware | - |
| intel | atom_c2516_firmware | - |
| intel | xeon_platinum_8280m_firmware | - |
| intel | xeon_d-2141i_firmware | - |
| intel | xeon_gold_5220_firmware | - |
| hpe | proliant_xl270d_gen10_server_firmware | * |
| intel | xeon_gold_6210u_firmware | - |
| intel | xeon_e7-8880_v4_firmware | - |
| intel | xeon_gold_6132_firmware | - |
| intel | xeon_e5-2630_v4_firmware | - |
| intel | xeon_gold_5218b_firmware | - |
| intel | atom_c2358_firmware | - |
| intel | xeon_platinum_8260l_firmware | - |
| intel | xeon_d-2146nt_firmware | - |
| intel | atom_c3858_firmware | - |
| intel | atom_c2338_firmware | - |
| intel | xeon_e7-8870_v4_firmware | - |
| intel | xeon_platinum_8274_firmware | - |
| hpe | proliant_dl180_gen10_server_firmware | * |
| intel | xeon_platinum_8260_firmware | - |
| intel | xeon_e5-2623_v4_firmware | - |
| intel | xeon_d-1529_firmware | - |
| hpe | proliant_dl60_gen9_server_firmware | * |
| intel | xeon_e5-4669_v4_firmware | - |
| intel | xeon_e7-8893_v4_firmware | - |
| intel | xeon_platinum_8260m_firmware | - |
| intel | xeon_gold_6212u_firmware | - |
| intel | xeon_e5-1620_v4_firmware | - |
| intel | xeon_gold_6130_firmware | - |
| intel | xeon_e5-2650l_v4_firmware | - |
| hpe | proliant_dl380_gen9_server_firmware | * |
| intel | xeon_gold_6142f_firmware | - |
| intel | xeon_gold_6144_firmware | - |
| intel | xeon_e7-8891_v4_firmware | - |
| intel | xeon_d-2142it_firmware | - |
| intel | xeon_gold_5122_firmware | - |
| intel | xeon_gold_6126t_firmware | - |
| hpe | proliant_xl190r_gen10_server_firmware | * |
| intel | atom_c3758_firmware | - |
| intel | xeon_d-1622_firmware | - |
| hpe | proliant_bl460c_gen10_server_blade_firmware | * |
| intel | atom_c3308_firmware | - |
| intel | xeon_platinum_8168_firmware | - |
| intel | xeon_silver_4112_firmware | - |
| intel | xeon_platinum_8170_firmware | - |
| intel | xeon_d-2123it_firmware | - |
| intel | atom_c2538_firmware | - |
| hpe | proliant_xl170r_gen10_server_firmware | * |
| intel | xeon_d-1627_firmware | - |
| intel | xeon_platinum_8253_firmware | - |
| intel | xeon_d-2161i_firmware | - |
| intel | xeon_gold_6262v_firmware | - |
| intel | xeon_gold_6246_firmware | - |
| intel | xeon_d-1531_firmware | - |
| intel | xeon_e5-2650_v4_firmware | - |
| intel | xeon_d-2183it_firmware | - |
| hpe | proliant_xl250a_gen9_server_firmware | * |
| intel | xeon_e5-2697_v4_firmware | - |
| hpe | proliant_dl560_gen10_server_firmware | * |
| hpe | proliant_dl380_gen10_server_firmware | * |
| intel | xeon_platinum_8280l_firmware | - |
| intel | xeon_e5-2618l_v4_firmware | - |
| intel | atom_c3508_firmware | - |
| intel | xeon_e5-2658_v4_firmware | - |
| hpe | proliant_dl180_gen9_server_firmware | * |
| intel | xeon_d-2187nt_firmware | - |
| intel | atom_c3558_firmware | - |
| hpe | proliant_xl450_gen10_server_firmware | * |
| intel | xeon_platinum_8276l_firmware | - |
| intel | xeon_gold_6240_firmware | - |
| intel | xeon_d-1623n_firmware | - |
| intel | xeon_d-2177nt_firmware | - |
| intel | xeon_e5-1680_v4_firmware | - |
| intel | xeon_e5-2608l_v4_firmware | - |
| intel | xeon_e5-1630_v4_firmware | - |
| hpe | apollo_4200_gen9_server_firmware | * |
| intel | xeon_e5-4655_v4_firmware | - |
| intel | xeon_gold_6138t_firmware | - |
| intel | xeon_e5-4640_v4_firmware | - |
| intel | atom_c2350_firmware | - |
| intel | xeon_gold_5218t_firmware | - |
| intel | atom_c3955_firmware | - |
| intel | xeon_gold_6238m_firmware | - |
| intel | xeon_d-1633n_firmware | - |
| intel | xeon_d-1602_firmware | - |
| intel | xeon_gold_6148f_firmware | - |
| intel | xeon_gold_6140_firmware | - |
| intel | atom_c2508_firmware | - |
| intel | xeon_e7-8860_v4_firmware | - |
| hpe | synergy_480_gen9_compute_module_firmware | * |
| intel | xeon_silver_4210_firmware | - |
| hpe | proliant_ml110_gen10_server_firmware | * |
| hpe | proliant_bl460c_gen9_server_blade_firmware | * |
| intel | xeon_d-1537_firmware | - |
| intel | xeon_platinum_8176_firmware | - |
| intel | xeon_gold_6252_firmware | - |
| intel | xeon_gold_5218n_firmware | - |
| intel | xeon_d-1521_firmware | - |
| intel | xeon_e5-4610_v4_firmware | - |
| intel | xeon_d-2191_firmware | - |
| intel | xeon_platinum_8270_firmware | - |
| intel | xeon_platinum_8260y_firmware | - |
| intel | xeon_platinum_8153_firmware | - |
| intel | xeon_e5-4628l_v4_firmware | - |
| hpe | proliant_dl580_gen9_server_firmware | * |
| hpe | proliant_dl580_gen10_server_firmware | * |
| intel | xeon_gold_6238l_firmware | - |
| intel | xeon_e5-2628l_v4_firmware | - |
| hpe | proliant_xl230a_gen9_server_firmware | * |
| intel | xeon_e5-2699a_v4_firmware | - |
| intel | xeon_gold_5222_firmware | - |
| hpe | proliant_dl560_gen9_server_firmware | * |
| intel | xeon_bronze_3204_firmware | - |
| intel | xeon_e5-2620_v4_firmware | - |
| intel | atom_c2738_firmware | - |
| intel | atom_c2558_firmware | - |
| intel | xeon_e5-2690_v4_firmware | - |
| hpe | proliant_xl730f_gen9_server_firmware | * |
| intel | xeon_e5-2643_v4_firmware | - |
| intel | xeon_platinum_8156_firmware | - |
| intel | xeon_gold_6238t_firmware | - |
| intel | xeon_gold_5217_firmware | - |
| intel | xeon_platinum_8276m_firmware | - |
| hpe | proliant_xl190r_gen9_server_firmware | * |
| intel | xeon_gold_6150_firmware | - |
| intel | xeon_gold_6152_firmware | - |
| intel | xeon_gold_6126_firmware | - |
| intel | xeon_gold_6248_firmware | - |
| intel | xeon_gold_6242_firmware | - |
| intel | xeon_e7-8894_v4_firmware | - |
| hpe | proliant_dl360_gen10_server_firmware | * |
| intel | xeon_d-2145nt_firmware | - |
| hpe | proliant_dl360_gen9_server_firmware | * |
| intel | xeon_platinum_8176f_firmware | - |
| intel | xeon_silver_4108_firmware | - |
| intel | atom_c3850_firmware | - |
| hpe | proliant_e910_server_blade_firmware | * |
| intel | atom_c3338_firmware | - |
| intel | xeon_silver_4114_firmware | - |
| intel | xeon_gold_6154_firmware | - |
| intel | xeon_gold_6252n_firmware | - |
| intel | xeon_platinum_8158_firmware | - |
| intel | xeon_platinum_9282_firmware | - |
| intel | xeon_platinum_8256_firmware | - |
| intel | xeon_d-2163it_firmware | - |
| intel | xeon_e5-4620_v4_firmware | - |
| intel | xeon_gold_6134_firmware | - |
| intel | xeon_gold_5220t_firmware | - |
| intel | xeon_d-1567_firmware | - |
| hpe | proliant_ml350_gen10_server_firmware | * |
| intel | xeon_e5-2660_v4_firmware | - |
| intel | xeon_d-1653n_firmware | - |
| hpe | proliant_ws460c_gen9_graphics_server_blade_firmware | * |
| intel | xeon_gold_6209u_firmware | - |
| intel | xeon_d-1527_firmware | - |
| intel | xeon_platinum_8160_firmware | - |
| intel | xeon_e5-4627_v4_firmware | - |
| intel | atom_c2718_firmware | - |
| intel | xeon_d-2173it_firmware | - |
| intel | xeon_d-1520_firmware | - |
| intel | xeon_gold_6140m_firmware | - |
| hpe | proliant_ml110_gen9_server_firmware | * |
| intel | xeon_e7-4830_v4_firmware | - |
| intel | xeon_e5-4667_v4_firmware | - |
| intel | atom_c2316_firmware | - |
| intel | xeon_platinum_8160t_firmware | - |
| intel | xeon_gold_6146_firmware | - |
| intel | xeon_d-1577_firmware | - |
| intel | xeon_e5-2667_v4_firmware | - |
| intel | xeon_platinum_8164_firmware | - |
| intel | xeon_e5-1660_v4_firmware | - |
| intel | xeon_e5-2680_v4_firmware | - |
| intel | atom_c3750_firmware | - |
| intel | xeon_e5-2640_v4_firmware | - |
| intel | atom_c3538_firmware | - |
| intel | xeon_e5-2699_v4_firmware | - |
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | proliant_dl120_gen10_server_firmware | * |
| intel | xeon_silver_4110_firmware | - |
| intel | xeon_gold_6240y_firmware | - |
| intel | xeon_silver_4216_firmware | - |
| intel | xeon_e5-2630l_v4_firmware | - |
| intel | xeon_d-1523n_firmware | - |
| intel | xeon_d-1637_firmware | - |
| intel | xeon_platinum_8284_firmware | - |
| intel | xeon_gold_6238_firmware | - |
| intel | xeon_gold_6136_firmware | - |
| intel | xeon_silver_4109t_firmware | - |
| intel | xeon_d-1513n_firmware | - |
| intel | xeon_d-2143it_firmware | - |
| intel | xeon_e5-2687w_v4_firmware | - |
| intel | atom_c2730_firmware | - |
| intel | xeon_gold_6130t_firmware | - |
| hpe | proliant_xl230k_gen10_server_firmware | * |
| hpe | apollo_4200_gen10_server_firmware | * |
| intel | xeon_e5-2698_v4_firmware | - |
| intel | xeon_e5-2648l_v4_firmware | - |
| intel | xeon_d-1557_firmware | - |
| intel | xeon_platinum_8276_firmware | - |
| intel | xeon_gold_6244_firmware | - |
| intel | xeon_e5-4660_v4_firmware | - |
| intel | atom_c2518_firmware | - |
| hpe | proliant_dl120_gen9_server_firmware | * |
| intel | xeon_d-2166nt_firmware | - |
| intel | xeon_d-1533n_firmware | - |
| intel | xeon_e7-8867_v4_firmware | - |
| intel | atom_c2750_firmware | - |
| intel | xeon_gold_6254_firmware | - |
| intel | xeon_gold_6138f_firmware | - |
| intel | xeon_e5-4650_v4_firmware | - |
| intel | xeon_silver_4214y_firmware | - |
| intel | atom_c2550_firmware | - |
| hpe | synergy_680_gen9_compute_module_firmware | * |
| intel | xeon_d-1649n_firmware | - |
| intel | xeon_gold_5220s_firmware | - |
| intel | xeon_gold_5218_firmware | - |
| hpe | proliant_bl660c_gen9_server_firmware | * |
| intel | atom_c3336_firmware | - |
| intel | xeon_e7-4820_v4_firmware | - |
| intel | xeon_d-1540_firmware | - |
| intel | xeon_gold_6128_firmware | - |
| intel | xeon_gold_5215l_firmware | - |
| hpe | proliant_ml350_gen9_server_firmware | * |
| intel | xeon_d-1539_firmware | - |
| intel | xeon_d-1559_firmware | - |
| intel | xeon_silver_4208_firmware | - |
| intel | xeon_e5-2697a_v4_firmware | - |
| intel | xeon_e5-2637_v4_firmware | - |
| intel | xeon_silver_4214_firmware | - |
| intel | xeon_gold_5115_firmware | - |
| intel | xeon_gold_6138_firmware | - |
| intel | xeon_silver_4215_firmware | - |
| intel | xeon_d-1543n_firmware | - |
| intel | xeon_gold_6240l_firmware | - |
| intel | xeon_e5-2683_v4_firmware | - |
| intel | xeon_platinum_8280_firmware | - |
| intel | xeon_d-1548_firmware | - |
| intel | xeon_platinum_8180_firmware | - |
| hpe | proliant_dl160_gen10_server_firmware | * |
| intel | xeon_silver_4116_firmware | - |
| intel | atom_c3830_firmware | - |
| intel | xeon_gold_6230_firmware | - |
| intel | xeon_silver_4209t_firmware | - |
| intel | xeon_bronze_3106_firmware | - |
| intel | atom_c2758_firmware | - |
| intel | xeon_d-1571_firmware | - |
| intel | xeon_gold_6130f_firmware | - |
| hpe | proliant_dl160_gen9_server_firmware | * |
| intel | xeon_e5-2609_v4_firmware | - |
| intel | atom_c3808_firmware | - |
| intel | xeon_d-1553n_firmware | - |
| intel | xeon_bronze_3104_firmware | - |
| intel | xeon_gold_6226_firmware | - |
| intel | xeon_e7-4850_v4_firmware | - |
| intel | xeon_platinum_9242_firmware | - |
| intel | xeon_gold_6222v_firmware | - |
| hpe | proliant_xl170r_gen9_server_firmware | * |
| intel | atom_c2530_firmware | - |
| intel | xeon_gold_5118_firmware | - |
| hpe | proliant_dl80_gen9_server_firmware | * |
| intel | xeon_gold_6126f_firmware | - |
| hpe | synergy_660_gen10_compute_module_firmware | * |
| hpe | synergy_620_gen9_compute_module_firmware | * |
| intel | xeon_platinum_8160f_firmware | - |
| intel | xeon_e7-4809_v4_firmware | - |
| intel | atom_c3958_firmware | - |
| intel | xeon_gold_5215m_firmware | - |
| intel | xeon_e7-8890_v4_firmware | - |
| intel | xeon_gold_5120_firmware | - |
| intel | xeon_gold_6148_firmware | - |
| hpe | proliant_xl450_gen9_server_firmware | * |
| intel | xeon_d-1541_firmware | - |
| intel | xeon_gold_6240m_firmware | - |
| intel | atom_c3950_firmware | - |
| intel | atom_c2308_firmware | - |
| hpe | proliant_ml150_gen9_server_firmware | * |
| intel | xeon_d-1528_firmware | - |
| hpe | synergy_480_gen10_compute_module_firmware | * |
| intel | xeon_d-1518_firmware | - |
| intel | xeon_e5-1650_v4_firmware | - |
| intel | xeon_e5-2695_v4_firmware | - |
| intel | xeon_gold_5120t_firmware | - |
| intel | xeon_gold_5215_firmware | - |
| intel | xeon_platinum_8268_firmware | - |
| intel | atom_c3708_firmware | - |
| intel | xeon_e5-2603_v4_firmware | - |
| intel | atom_c2516_firmware | - |
| intel | xeon_platinum_8280m_firmware | - |
| intel | xeon_d-2141i_firmware | - |
| intel | xeon_gold_5220_firmware | - |
| hpe | proliant_xl270d_gen10_server_firmware | * |
| intel | xeon_gold_6210u_firmware | - |
| intel | xeon_e7-8880_v4_firmware | - |
| intel | xeon_gold_6132_firmware | - |
| intel | xeon_e5-2630_v4_firmware | - |
| intel | xeon_gold_5218b_firmware | - |
| intel | atom_c2358_firmware | - |
| intel | xeon_platinum_8260l_firmware | - |
| intel | xeon_d-2146nt_firmware | - |
| intel | atom_c3858_firmware | - |
| intel | atom_c2338_firmware | - |
| intel | xeon_e7-8870_v4_firmware | - |
| intel | xeon_platinum_8274_firmware | - |
| hpe | proliant_dl180_gen10_server_firmware | * |
| intel | xeon_platinum_8260_firmware | - |
| intel | xeon_e5-2623_v4_firmware | - |
| intel | xeon_d-1529_firmware | - |
| hpe | proliant_dl60_gen9_server_firmware | * |
| intel | xeon_e5-4669_v4_firmware | - |
| intel | xeon_e7-8893_v4_firmware | - |
| intel | xeon_platinum_8260m_firmware | - |
| intel | xeon_gold_6212u_firmware | - |
| intel | xeon_e5-1620_v4_firmware | - |
| intel | xeon_gold_6130_firmware | - |
| intel | xeon_e5-2650l_v4_firmware | - |
| hpe | proliant_dl380_gen9_server_firmware | * |
| intel | xeon_gold_6142f_firmware | - |
| intel | xeon_gold_6144_firmware | - |
| intel | xeon_e7-8891_v4_firmware | - |
| intel | xeon_d-2142it_firmware | - |
| intel | xeon_gold_5122_firmware | - |
| intel | xeon_gold_6126t_firmware | - |
| hpe | proliant_xl190r_gen10_server_firmware | * |
| intel | atom_c3758_firmware | - |
| intel | xeon_d-1622_firmware | - |
| hpe | proliant_bl460c_gen10_server_blade_firmware | * |
| intel | atom_c3308_firmware | - |
| intel | xeon_platinum_8168_firmware | - |
| intel | xeon_silver_4112_firmware | - |
| intel | xeon_platinum_8170_firmware | - |
| intel | xeon_d-2123it_firmware | - |
| intel | atom_c2538_firmware | - |
| hpe | proliant_xl170r_gen10_server_firmware | * |
| intel | xeon_d-1627_firmware | - |
| intel | xeon_platinum_8253_firmware | - |
| intel | xeon_d-2161i_firmware | - |
| intel | xeon_gold_6262v_firmware | - |
| intel | xeon_gold_6246_firmware | - |
| intel | xeon_d-1531_firmware | - |
| intel | xeon_e5-2650_v4_firmware | - |
| intel | xeon_d-2183it_firmware | - |
| hpe | proliant_xl250a_gen9_server_firmware | * |
| intel | xeon_e5-2697_v4_firmware | - |
| hpe | proliant_dl560_gen10_server_firmware | * |
| hpe | proliant_dl380_gen10_server_firmware | * |
| intel | xeon_platinum_8280l_firmware | - |
| intel | xeon_e5-2618l_v4_firmware | - |
| intel | atom_c3508_firmware | - |
| intel | xeon_e5-2658_v4_firmware | - |
| hpe | proliant_dl180_gen9_server_firmware | * |
| intel | xeon_d-2187nt_firmware | - |
| intel | atom_c3558_firmware | - |
| hpe | proliant_xl450_gen10_server_firmware | * |
| intel | xeon_platinum_8276l_firmware | - |
| intel | xeon_gold_6240_firmware | - |
| intel | xeon_d-1623n_firmware | - |
| intel | xeon_d-2177nt_firmware | - |
| intel | xeon_e5-1680_v4_firmware | - |
| intel | xeon_e5-2608l_v4_firmware | - |
| intel | xeon_e5-1630_v4_firmware | - |
| hpe | apollo_4200_gen9_server_firmware | * |
| intel | xeon_e5-4655_v4_firmware | - |
| intel | xeon_gold_6138t_firmware | - |
| intel | xeon_e5-4640_v4_firmware | - |
| intel | atom_c2350_firmware | - |
| intel | xeon_gold_5218t_firmware | - |
| intel | atom_c3955_firmware | - |
| intel | xeon_gold_6238m_firmware | - |
| intel | xeon_d-1633n_firmware | - |
| intel | xeon_d-1602_firmware | - |
| intel | xeon_gold_6148f_firmware | - |
| intel | xeon_gold_6140_firmware | - |
| intel | atom_c2508_firmware | - |
| intel | xeon_e7-8860_v4_firmware | - |
| hpe | synergy_480_gen9_compute_module_firmware | * |
| intel | xeon_silver_4210_firmware | - |
| hpe | proliant_ml110_gen10_server_firmware | * |
| hpe | proliant_bl460c_gen9_server_blade_firmware | * |
| intel | xeon_d-1537_firmware | - |
| intel | xeon_platinum_8176_firmware | - |
| intel | xeon_gold_6252_firmware | - |
| intel | xeon_gold_5218n_firmware | - |
| intel | xeon_d-1521_firmware | - |
| intel | xeon_e5-4610_v4_firmware | - |
| intel | xeon_d-2191_firmware | - |
| intel | xeon_platinum_8270_firmware | - |
| intel | xeon_platinum_8260y_firmware | - |
| intel | xeon_platinum_8153_firmware | - |
| intel | xeon_e5-4628l_v4_firmware | - |
| hpe | proliant_dl580_gen9_server_firmware | * |
| hpe | proliant_dl580_gen10_server_firmware | * |
| intel | xeon_gold_6238l_firmware | - |
| intel | xeon_e5-2628l_v4_firmware | - |
| hpe | proliant_xl230a_gen9_server_firmware | * |
| intel | xeon_e5-2699a_v4_firmware | - |
| intel | xeon_gold_5222_firmware | - |
| hpe | proliant_dl560_gen9_server_firmware | * |
| intel | xeon_bronze_3204_firmware | - |
| intel | xeon_e5-2620_v4_firmware | - |
| intel | atom_c2738_firmware | - |
| intel | atom_c2558_firmware | - |
| intel | xeon_e5-2690_v4_firmware | - |
| hpe | proliant_xl730f_gen9_server_firmware | * |
| intel | xeon_e5-2643_v4_firmware | - |
| intel | xeon_platinum_8156_firmware | - |
| intel | xeon_gold_6238t_firmware | - |
| intel | xeon_gold_5217_firmware | - |
| intel | xeon_platinum_8276m_firmware | - |
| hpe | proliant_xl190r_gen9_server_firmware | * |
| intel | xeon_gold_6150_firmware | - |
| intel | xeon_gold_6152_firmware | - |
| intel | xeon_gold_6126_firmware | - |
| intel | xeon_gold_6248_firmware | - |
| intel | xeon_gold_6242_firmware | - |
| intel | xeon_e7-8894_v4_firmware | - |
| hpe | proliant_dl360_gen10_server_firmware | * |
| intel | xeon_d-2145nt_firmware | - |
| hpe | proliant_dl360_gen9_server_firmware | * |
| intel | xeon_platinum_8176f_firmware | - |
| intel | xeon_silver_4108_firmware | - |
| intel | atom_c3850_firmware | - |
| hpe | proliant_e910_server_blade_firmware | * |
| intel | atom_c3338_firmware | - |
| intel | xeon_silver_4114_firmware | - |
| intel | xeon_gold_6154_firmware | - |
| intel | xeon_gold_6252n_firmware | - |
| intel | xeon_platinum_8158_firmware | - |
| intel | xeon_platinum_9282_firmware | - |
| intel | xeon_platinum_8256_firmware | - |
| intel | xeon_d-2163it_firmware | - |
| intel | xeon_e5-4620_v4_firmware | - |
| intel | xeon_gold_6134_firmware | - |
| intel | xeon_gold_5220t_firmware | - |
| intel | xeon_d-1567_firmware | - |
| hpe | proliant_ml350_gen10_server_firmware | * |
| intel | xeon_e5-2660_v4_firmware | - |
| intel | xeon_d-1653n_firmware | - |
| hpe | proliant_ws460c_gen9_graphics_server_blade_firmware | * |
| intel | xeon_gold_6209u_firmware | - |
| intel | xeon_d-1527_firmware | - |
| intel | xeon_platinum_8160_firmware | - |
| intel | xeon_e5-4627_v4_firmware | - |
| intel | atom_c2718_firmware | - |
| intel | xeon_d-2173it_firmware | - |
| intel | xeon_d-1520_firmware | - |
| intel | xeon_gold_6140m_firmware | - |
| hpe | proliant_ml110_gen9_server_firmware | * |
| intel | xeon_e7-4830_v4_firmware | - |
| intel | xeon_e5-4667_v4_firmware | - |
| intel | atom_c2316_firmware | - |
| intel | xeon_platinum_8160t_firmware | - |
| intel | xeon_gold_6146_firmware | - |
| intel | xeon_d-1577_firmware | - |
| intel | xeon_e5-2667_v4_firmware | - |
| intel | xeon_platinum_8164_firmware | - |
| intel | xeon_e5-1660_v4_firmware | - |
| intel | xeon_e5-2680_v4_firmware | - |
| intel | atom_c3750_firmware | - |
| intel | xeon_e5-2640_v4_firmware | - |
| intel | atom_c3538_firmware | - |
| intel | xeon_e5-2699_v4_firmware | - |
A security vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 could allow local unauthorized elevation of privilege.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | smart_update_manager | * |
A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | smart_update_manager | * |
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | nimbleos | * |
HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | superdome_flex_server_firmware | * |
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N | 1.7 | 4.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | opencall_media_platform | * |
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-613,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | msa_1040_firmware | * |
| hpe | msa_2042_firmware | * |
| hpe | msa_2050_firmware | * |
| hpe | msa_2052_firmware | * |
| hpe | msa_1050_firmware | * |
| hpe | msa_2040_firmware | * |
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | msa_1040_firmware | * |
| hpe | msa_2042_firmware | * |
| hpe | msa_2050_firmware | * |
| hpe | msa_2052_firmware | * |
| hpe | msa_1050_firmware | * |
| hpe | msa_2040_firmware | * |
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.6 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| mozilla | thunderbird | - |
| redhat | enterprise_linux_workstation | 6.0 |
| netapp | cloud_backup | - |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| oracle | jdk | 12.0.1 |
| redhat | satellite | 5.8 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| redhat | enterprise_linux_for_power_big_endian | 7.0 |
| opensuse | leap | 42.3 |
| hpe | xp7_command_view_advanced_edition_suite | * |
| netapp | e-series_santricity_storage_manager | * |
| oracle | java_se | 7u221 |
| redhat | enterprise_linux | 7.0 |
| netapp | e-series_santricity_management | - |
| netapp | oncommand_workflow_automation | * |
| redhat | enterprise_linux | 6.0 |
| hp | xp7_command_view | * |
| netapp | oncommand_insight | * |
| netapp | snapmanager | 3.4.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| oracle | hyperion_infrastructure_technology | 11.2.6.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.0 |
| canonical | ubuntu_linux | 18.04 |
| netapp | plug-in_for_symantec_netbackup | - |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux | 8.0 |
| netapp | e-series_santricity_unified_manager | * |
| oracle | java_se | 8u212 |
| netapp | active_iq_unified_manager | 9.6 |
| oracle | mysql | * |
| netapp | snapmanager | * |
| libpng | libpng | * |
| opensuse | package_hub | - |
| redhat | enterprise_linux_for_power_big_endian | 6.0 |
| netapp | steelstore | - |
| redhat | enterprise_linux_desktop | 6.0 |
| netapp | active_iq_unified_manager | * |
| netapp | e-series_santricity_web_services | * |
| oracle | jdk | 11.0.3 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| debian | debian_linux | 8.0 |
| mozilla | firefox | - |
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 29 |
| ntp | ntp | 4.2.8 |
| netapp | clustered_data_ontap | * |
| opensuse | leap | 15.0 |
| hpe | hpux-ntp | * |
| netapp | data_ontap | - |
| opensuse | leap | 42.3 |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 28 |
| ntp | ntp | * |
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | universal_api_framework | * |
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | utility_computing_service_meter | 1.9 |
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | utility_computing_service_meter | 1.9 |
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | utility_computing_service_meter | 1.9 |
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | kvm_ip_console_switch_g2_firmware | * |
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | kvm_ip_console_switch_g2_firmware | * |
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | smart_update_manager | * |
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | superdome_flex_server_firmware | * |
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | nimbleos | * |
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | nimbleos | * |
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled. HPE have provided a standalone DBX update tool to work with Microsoft Windows, and supported Linux Operating Systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS. **Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the "Boot Hole" issue for HPE signed GRUB2 applications.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | smartstart_scripting_toolkit | * |
| hpe | intelligent_provisioning | 3.31 |
| hpe | service_pack_for_proliant | * |
| hpe | intelligent_provisioning | 3.40 |
| hpe | intelligent_provisioning | * |
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-294,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | web_viewpoint | t0320l01^aby |
| hpe | web_viewpoint | * |
| hpe | web_viewpoint | t0320l01^acd |
| hpe | web_viewpoint | 15.02.01 |
| hpe | web_viewpoint | 15.02.00 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setradiusconfig_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setremoteimageinfo_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsolvideoremotestorage_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cloudline_cl4100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.10.0.0 |
| hpe | cloudline_cl5800_gen9_server_firmware | 1.09.0.0 |
| hpe | cloudline_cl4100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl3100_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5800_gen10_server_firmware | 1.08.0.0 |
| hpe | cloudline_cl5200_gen9_server_firmware | 1.07.0.0 |
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| arubanetworks | aruba_5412r_zl2_firmware | * |
| arubanetworks | aruba_2930f_firmware | * |
| arubanetworks | aruba_2920_firmware | * |
| hpe | 3500_yl_firmware | * |
| hpe | 3500_firmware | * |
| arubanetworks | aruba_2620_firmware | * |
| hpe | 6200_yl_firmware | * |
| arubanetworks | aruba_2530yb_firmware | * |
| hpe | 8200_zl_firmware | * |
| arubanetworks | aruba_5406r_zl2_firmware | * |
| arubanetworks | aruba_3810m_firmware | * |
| arubanetworks | aruba_2540_firmware | * |
| arubanetworks | aruba_2530ya_firmware | * |
| arubanetworks | aruba_2930m_firmware | * |
| arubanetworks | aruba_3800_firmware | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | baseboard_management_controller | * |
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | network_orchestrator | * |
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | unified_data_management | 1.2009.0 |
| hpe | unified_data_management | 1.2101.0 |
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.95 or later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_amplifier | * |
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | superdome_flex_server_firmware | * |
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | oneview_global_dashboard | 2.31 |
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L | 2.3 | 3.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_3620_firmware | * |
| hpe | storeonce_3640_firmware | * |
| hpe | storeonce_5200_firmware | * |
| hpe | storeonce_5650_firmware | * |
| hpe | storeonce_5250_firmware | * |
| hpe | storeonce_vsa_4tb_firmware | * |
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | 3par_os | 3.3.1_mp5_p156 |
| hpe | 3par_os | 3.3.2_ga_p_01 |
| hpe | primera_630_firmware | * |
| hpe | 3par_os | 3.3.1_mu2_p157 |
| hpe | primera_650_firmware | * |
| hpe | primera_670_firmware | * |
| hpe | alletra_9080_firmware | * |
| hpe | alletra_9060_firmware | * |
| hpe | 3par_os | 3.3.1_mu1 |
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | superdome_flex_firmware | * |
| hpe | superdome_flex_280_firmware | * |
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | proliant_dl20_gen10_server_firmware | * |
| hpe | proliant_ml30_gen10_server_firmware | * |
| hpe | proliant_microserver_gen10_plus_firmware | * |
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | tez | * |
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | oneview_global_dashboard | * |
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | oneview_global_dashboard | * |
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | agentless_management | * |
| hpe | proliant_agentless_management | * |
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | flexnetwork_5130_jg933a_firmware | * |
| hpe | flexnetwork_5130_jg937a_firmware | * |
| hpe | flexnetwork_5130_jg940a_firmware | * |
| hpe | flexnetwork_5130_jg932a_firmware | * |
| hpe | flexnetwork_5130_jg934a_firmware | * |
| hpe | flexnetwork_5130_jg936a_firmware | * |
| hpe | flexnetwork_5130_jg941a_firmware | * |
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | web_viewpoint | t0320l01^aby |
| hpe | web_viewpoint | * |
| hpe | web_viewpoint | t0320l01^acd |
| hpe | web_viewpoint | 15.02.01 |
| hpe | web_viewpoint | 15.02.00 |
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version isT0954V04^AAO. For E4.09, the affected version is 22SEP2020. Note: If your current version is E4.10-16MAY2021 (version procedure T9999V04_16MAY2022_BPAKETI_10), a hotfix (FIXPAK-19OCT-2022) is available in version E4.10-19OCT2022. Resolution to CVE-2021-33895 in version E4.11-19OCT2022
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| etinet | backbox_e4.09_firmware | 2020-09-22 |
| hpe | backbox_h4.09_firmware | t0954v04^aao |
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
| hpe | arubaos-cx | 10.08.0001 |
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | aruba_instant_on_1930_8g_2sfp_firmware | * |
| hpe | aruba_instant_on_1930_24g_class4_poe_4sfp/sfp+_370w_firmware | * |
| hpe | aruba_instant_on_1930_8g_class4_poe_2sfp_124w_firmware | * |
| hpe | aruba_instant_on_1930_48g_class4_poe_4sfp/sfp+_370w_firmware | * |
| hpe | aruba_instant_on_1930_24g_class4_poe_4sfp/sfp+_195w_firmware | * |
| hpe | aruba_instant_on_1930_48g_4sfp/sfp+_firmware | * |
| hpe | aruba_instant_on_1930_24g_4sfp/sfp+_firmware | * |
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | aruba_instant_on_1930_8g_2sfp_firmware | * |
| hpe | aruba_instant_on_1930_24g_class4_poe_4sfp/sfp+_370w_firmware | * |
| hpe | aruba_instant_on_1930_8g_class4_poe_2sfp_124w_firmware | * |
| hpe | aruba_instant_on_1930_48g_class4_poe_4sfp/sfp+_370w_firmware | * |
| hpe | aruba_instant_on_1930_24g_class4_poe_4sfp/sfp+_195w_firmware | * |
| hpe | aruba_instant_on_1930_48g_4sfp/sfp+_firmware | * |
| hpe | aruba_instant_on_1930_24g_4sfp/sfp+_firmware | * |
A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out | * |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | superdome_flex_server_firmware | * |
| hpe | superdome_flex_280_server_firmware | * |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | nimbleos | * |
| hpe | nimbleos | 5.3.1.0 |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | nimbleos | * |
| hpe | nimbleos | 5.3.1.0 |
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | nimbleos | * |
A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | control_repository_manager | * |
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cray_sh_supercomputer_air_cooled_base_system_code_firmware | 1.6.27 |
| hpe | cray_ex_supercomputers_firmware | 1.5.33 |
| hpe | cray_sh_supercomputer_liquid_cooled_base_system_code_firmware | 1.4.27 |
| hpe | slingshot_firmware | * |
| hpe | cray_ex_supercomputers_firmware | 1.4.27 |
| hpe | cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware | 1.6.27 |
| hpe | cray_sh_supercomputer_liquid_cooled_base_system_code_firmware | 1.6.27 |
| hpe | cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware | 1.5.33 |
| hpe | cray_sh_supercomputer_liquid_cooled_base_system_code_firmware | 1.5.33 |
| hpe | cray_sh_supercomputer_air_cooled_base_system_code_firmware | 1.5.33 |
| hpe | cray_sh_supercomputer_air_cooled_base_system_code_firmware | 1.4.27 |
| hpe | cray_sh_supercomputer_liquid_cooled_tds_base_system_code_firmware | 1.4.27 |
| hpe | cray_ex_supercomputers_firmware | 1.6.27 |
A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | nonstop_distributed_systems_management_/_software_configuration_manager | t6031h03^adp |
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_3640_firmware | * |
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | icewall_sso_certd | 10.0 |
A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | flexfabric_5945_firmware | 7.10.r6635 |
| hpe | flexnetwork_5130_ei_firmware | 7.10.r3507p02 |
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L | 1.8 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 2.5 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.4 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.4 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses this security vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_5_firmware | * |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | oneview_global_dashboard | * |
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | hf20_firmware | * |
| hpe | sf300_firmware | * |
| hpe | sf300_firmware | 5.3.0.0 |
| hpe | hf40c_firmware | 5.3.0.0 |
| hpe | hf20c_firmware | 5.3.0.0 |
| hpe | hf60c_firmware | 5.3.0.0 |
| hpe | sf100_firmware | 5.3.0.0 |
| hpe | hf60c_firmware | * |
| hpe | hf60_firmware | * |
| hpe | hf20c_firmware | * |
| hpe | hf60_firmware | 5.3.0.0 |
| hpe | sf100_firmware | * |
| hpe | hf20_firmware | 5.3.0.0 |
| hpe | hf40c_firmware | * |
| hpe | hf40_firmware | 5.3.0.0 |
| hpe | hf20h_firmware | 5.3.0.0 |
| hpe | hf40_firmware | * |
| hpe | hf20h_firmware | * |
Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | hf20_firmware | * |
| hpe | sf300_firmware | * |
| hpe | sf300_firmware | 5.3.0.0 |
| hpe | hf40c_firmware | 5.3.0.0 |
| hpe | hf20c_firmware | 5.3.0.0 |
| hpe | hf60c_firmware | 5.3.0.0 |
| hpe | sf100_firmware | 5.3.0.0 |
| hpe | hf60c_firmware | * |
| hpe | hf60_firmware | * |
| hpe | hf20c_firmware | * |
| hpe | hf60_firmware | 5.3.0.0 |
| hpe | sf100_firmware | * |
| hpe | hf20_firmware | 5.3.0.0 |
| hpe | hf40c_firmware | * |
| hpe | hf40_firmware | 5.3.0.0 |
| hpe | hf20h_firmware | 5.3.0.0 |
| hpe | hf40_firmware | * |
| hpe | hf20h_firmware | * |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | hf20_firmware | * |
| hpe | sf300_firmware | * |
| hpe | sf300_firmware | 5.3.0.0 |
| hpe | hf40c_firmware | 5.3.0.0 |
| hpe | hf20c_firmware | 5.3.0.0 |
| hpe | hf60c_firmware | 5.3.0.0 |
| hpe | sf100_firmware | 5.3.0.0 |
| hpe | hf60c_firmware | * |
| hpe | hf60_firmware | * |
| hpe | hf20c_firmware | * |
| hpe | hf60_firmware | 5.3.0.0 |
| hpe | sf100_firmware | * |
| hpe | hf20_firmware | 5.3.0.0 |
| hpe | hf40c_firmware | * |
| hpe | hf40_firmware | 5.3.0.0 |
| hpe | hf20h_firmware | 5.3.0.0 |
| hpe | hf40_firmware | * |
| hpe | hf20h_firmware | * |
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | officeconnect_1820_j9984a_firmware | * |
| hpe | officeconnect_1850_48g_4xgt_poe+_firmware | * |
| hpe | officeconnect_1850_2xgt/spf+_firmware | * |
| hpe | officeconnect_1920s_48g_4sfp_firmware | * |
| hpe | officeconnect_1850_24g_2xgt_firmware | * |
| hpe | officeconnect_1920s_24g_2sfp_firmware | * |
| hpe | officeconnect_1920s_48g_4sfp_ppoe+_firmware | * |
| hpe | officeconnect_1850_48g_4xgt_firmware | * |
| hpe | officeconnect_1920s_8g_firmware | * |
| hpe | officeconnect_1820_j9979a_firmware | * |
| hpe | officeconnect_1820_j9981a_firmware | * |
| hpe | officeconnect_1820_j9983a_firmware | * |
| hpe | officeconnect_1850_24g_2xgt_poe+_firmware | * |
| hpe | officeconnect_1920s_8g_ppoe+_firmware | * |
| hpe | officeconnect_1820_j9982a_firmware | * |
| hpe | officeconnect_1850_6xgt_firmware | * |
| hpe | officeconnect_1820_j9980a_firmware | * |
| hpe | officeconnect_1920s_24g_2sfp_poe+_firmware | * |
| hpe | officeconnect_1920s_24g_2sfp_ppoe+_firmware | * |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | superdome_flex_firmware | * |
| hpe | superdome_flex_280_firmware | * |
A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | officeconnect_1850_48g_4xgt_poe+_firmware | * |
| hpe | officeconnect_1850_2xgt/spf+_firmware | * |
| hpe | officeconnect_1850_24g_2xgt_firmware | * |
| hp | officeconnect_1820_48g_poe+_(370w)_switch_j9984a_firmware | * |
| hpe | officeconnect_1850_24g_2xgt_poe+_firmware | * |
| hpe | officeconnect_1850_48g_4xgt_firmware | * |
| hp | officeconnect_1820_8g_poe+_(65w)_switch_j9982a_firmware | * |
| hpe | officeconnect_1850_6xgt_firmware | * |
| hp | officeconnect_1820_8g_switch_j9979a_firmware | * |
| hp | officeconnect_1820_24g_poe+_(185w)_switch_j9983a_firmware | * |
Unauthenticated Java deserialization vulnerability in Serviceguard Manager
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | serviceguard_for_linux | * |
Pre-auth memory corruption in HPE Serviceguard
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | serviceguard_for_linux | * |
Unauthenticated server side request forgery in HPE Serviceguard Manager
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | serviceguard_for_linux | * |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| security-alert@hpe.com | 2.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 0.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | superdome_flex_server_firmware | * |
| hpe | superdome_flex_280_server_firmware | * |
Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| security-alert@hpe.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | flexfabric_5700_40xg_2qsfp+_firmware | * |
| hpe | flexfabric_5700_48g_4xg_2qsfp+_firmware | * |
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | oneview | * |
| hpe | oneview_global_dashboard | * |
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | oneview_global_dashboard | * |
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | sgi_uv_300_rmc_firmware | * |
| hpe | integrity_mc990_x_server_rmc_firmware | * |
The vulnerability could be locally exploited to allow escalation of privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | intelligent_provisioning | * |
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | msa_1060_storage_firmware | * |
| hpe | msa_2060_storage_firmware | * |
| hpe | msa_2062_storage_firmware | * |
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| security-alert@hpe.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 2.3 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_6_firmware | * |
| hpe | integrated_lights-out_5_firmware | * |
A remote code execution issue exists in HPE OneView.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | oneview | * |
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 8.3 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.6 | 6.0 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-switch | * |
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
| security-alert@hpe.com | 6.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L | 1.3 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-switch | * |
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| security-alert@hpe.com | 4.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H | 0.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-switch | * |
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| security-alert@hpe.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N | 2.2 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | integrated_lights-out_6_firmware | * |
| hpe | integrated_lights-out_5_firmware | * |
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | cray_parallel_application_launch_service | * |
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | autopass_license_server | * |
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | autopass_license_server | * |
An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | autopass_license_server | * |
An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | autopass_license_server | * |
A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | performance_cluster_manager | * |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
A server-side request forgery vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| security-alert@hpe.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
An authentication bypass vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
| security-alert@hpe.com | 5.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | 1.2 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | storeonce_system | * |
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | insight_remote_support | * |
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | autopass_license_server | * |
An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | autopass_license_server | * |
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | autopass_license_server | * |
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 2.3 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 1.4 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 1.4 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 5.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N | 0.6 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | arubaos-cx | * |
A remote code execution issue exists in HPE OneView.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | oneview | * |
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | aruba_networking_private_5g_core | * |
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | aruba_networking_private_5g_core | * |
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | aruba_networking_private_5g_core | * |
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@hpe.com | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hpe | aruba_networking_private_5g_core | * |