Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hpe Subscribe
Total 132 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11999 1 Hpe 1 Opencall Media Platform 2020-05-01 4.9 MEDIUM 6.9 MEDIUM
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.
CVE-2016-4370 1 Hpe 1 Project And Portfolio Management Center 2020-04-29 6.5 MEDIUM 8.8 HIGH
HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
CVE-2019-12001 1 Hpe 12 Msa 1040, Msa 1040 Firmware, Msa 1050 and 9 more 2020-04-28 7.1 HIGH 6.4 MEDIUM
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
CVE-2019-12002 1 Hpe 12 Msa 1040, Msa 1040 Firmware, Msa 1050 and 9 more 2020-04-28 10.0 HIGH 9.8 CRITICAL
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
CVE-2019-11998 1 Hpe 2 Superdome Flex Server, Superdome Flex Server Firmware 2020-01-29 5.0 MEDIUM 5.5 MEDIUM
HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product.
CVE-2019-11137 2 Hpe, Intel 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more 2019-11-22 4.6 MEDIUM 8.2 HIGH
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2018-20732 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2019-02-07 7.5 HIGH 9.8 CRITICAL
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
CVE-2018-20733 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2019-02-01 5.0 MEDIUM 7.5 HIGH
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
CVE-2015-9281 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2019-01-24 4.3 MEDIUM 6.1 MEDIUM
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
CVE-2018-7108 1 Hpe 1 Storageworks Xp7 Automation Director 2019-01-07 4.3 MEDIUM 5.9 MEDIUM
HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template.
CVE-2018-7110 2 Hpe, Redhat 2 Service Governance Framework, Linux 2018-12-03 4.3 MEDIUM 5.9 MEDIUM
A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. A race condition under high load in SGF exists where SGF transferred different parameter to the enabler.
CVE-2018-7107 1 Hpe 1 Device Entitlement Gateway 2018-11-21 6.5 MEDIUM 8.8 HIGH
A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege.