Shodan
Vulnerabilities
Vulnerable Software
Hp:  Security Vulnerabilities
CVE-2015-6029
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVSS Score
5.0
EPSS Score
0.102
Published
2015-11-04
CVE-2015-2903
The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.
CVSS Score
6.9
EPSS Score
0.032
Published
2015-11-04
CVE-2015-2902
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.
CVSS Score
6.8
EPSS Score
0.009
Published
2015-11-04
CVE-2015-5444
Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2015-10-18
CVE-2015-5443
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-10-12
CVE-2015-5435
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.
CVSS Score
4.0
EPSS Score
0.003
Published
2015-09-30
CVE-2015-5442
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.
CVSS Score
4.6
EPSS Score
0.001
Published
2015-09-29
CVE-2015-5440
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.008
Published
2015-09-16
CVE-2015-2136
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.001
Published
2015-09-16
CVE-2015-5426
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
CVSS Score
4.6
EPSS Score
0.001
Published
2015-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved