Hp: Security Vulnerabilities
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
CVSS Score
9.8
EPSS Score
0.643
Published
2017-10-11
A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-10-10
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
CVSS Score
8.8
EPSS Score
0.014
Published
2017-10-05
A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-05
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
CVSS Score
8.8
EPSS Score
0.033
Published
2017-09-30
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
CVSS Score
9.8
EPSS Score
0.149
Published
2017-09-30
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
CVSS Score
6.5
EPSS Score
0.013
Published
2017-09-30
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-09-30
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-09-30
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-09-30