HPE Security Vulnerabilities
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing...
6.5CVSS
6.3AI Score
0.001EPSS
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating...
8.1CVSS
7.9AI Score
0.0005EPSS
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing...
6.5CVSS
6.3AI Score
0.001EPSS
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating...
7.2CVSS
7.4AI Score
0.0005EPSS
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the...
7.5CVSS
7.8AI Score
0.0005EPSS
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in...
6.1CVSS
6.2AI Score
0.001EPSS
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating...
7.2CVSS
7.4AI Score
0.0005EPSS
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully....
7.2CVSS
7.4AI Score
0.001EPSS
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the...
4.3CVSS
4.5AI Score
0.001EPSS
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...
8.8CVSS
8.9AI Score
0.001EPSS
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...
8.8CVSS
8.9AI Score
0.001EPSS
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system...
6.5CVSS
6.6AI Score
0.001EPSS
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...
8.8CVSS
8.9AI Score
0.001EPSS
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system...
6.5CVSS
6.6AI Score
0.001EPSS
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...
8.8CVSS
8.9AI Score
0.001EPSS
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...
8.8CVSS
8.9AI Score
0.001EPSS
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system...
6.5CVSS
6.6AI Score
0.001EPSS
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...
8.8CVSS
8.9AI Score
0.001EPSS
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced...
7.8CVSS
7.5AI Score
0.0004EPSS
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP...
5.5CVSS
5.4AI Score
0.0004EPSS
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with...
5.5CVSS
5.3AI Score
0.0004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios...
5.4CVSS
5.1AI Score
0.0004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating...
8.8CVSS
9AI Score
0.001EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.7AI Score
0.004EPSS
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating...
8.8CVSS
9AI Score
0.001EPSS
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating...
8.8CVSS
9AI Score
0.001EPSS
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access...
7.5CVSS
7.4AI Score
0.001EPSS
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server...
6.8CVSS
6.4AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
7.1CVSS
7AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication...
5.5CVSS
5.7AI Score
0.0004EPSS
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account...
5.5CVSS
5.6AI Score
0.0004EPSS
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support...
5.5CVSS
5.3AI Score
0.0004EPSS
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's...
7.1CVSS
6AI Score
0.001EPSS
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further...
7.6CVSS
6.3AI Score
0.001EPSS
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster...
9.8CVSS
9.3AI Score
0.003EPSS
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux...
7.8CVSS
7.7AI Score
0.0004EPSS
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated...
8.3CVSS
5.4AI Score
0.0005EPSS
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's...
7.1CVSS
6AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS