Hewlett Packard Enterprise (HPE) Security Vulnerabilities

CVE-2019-5402

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

CVE-2019-5400

A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

CVE-2019-5407

A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

CVE-2019-5408

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr...

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

CVE-2019-5403

A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

CVE-2019-5405

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

CVE-2019-5406

A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to...

CVE-2019-5398

A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

CVE-2019-5397

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

CVE-2019-5399

A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

CVE-2019-5396

A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

CVE-2019-5395

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to...

CVE-2019-11991

HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. HPE 3PAR Service Processor (SP) version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the...

CVE-2018-7116

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent...

CVE-2018-7115

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent...

CVE-2018-7112

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which...

CVE-2018-7114

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent...

CVE-2018-7113

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware...

CVE-2018-7076

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3...

CVE-2018-7110

A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the...

CVE-2018-7111

A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Specifically, there is a malfunction identified in some section of the DSM portal and some DSM APIs. The impact of the malfunction is that the info can be changed by other...

CVE-2018-7108

HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a...

CVE-2018-7109

HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 -...

CVE-2018-7107

A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of...

CVE-2018-7102

A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file...

CVE-2018-7103

A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3...

CVE-2018-7101

A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to...

CVE-2018-7104

A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3...

CVE-2018-7105

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of...

CVE-2018-7098

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory...

CVE-2018-7100

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive...

CVE-2018-7099

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged...

CVE-2018-7097

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request...

CVE-2018-7096

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code...

CVE-2018-7093

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of...

CVE-2018-7095

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction...

CVE-2018-7077

A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive...

CVE-2018-7094

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged...

CVE-2018-7073

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to...

CVE-2018-7075

A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent...

CVE-2018-7078

A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version...

CVE-2018-7074

A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent...

CVE-2018-7091

HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and...

CVE-2018-7090

HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and...

CVE-2018-7092

A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file...

CVE-2018-7071

HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch...

CVE-2018-7072

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to...

CVE-2018-7070

HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent...

CVE-2017-8989

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL...