Hp: Security Vulnerabilities
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVSS Score
6.3
EPSS Score
0.002
Published
2019-08-09
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version 7.0.0-00 to earlier than 8.6.1-02 RepMgr if it is installed on the same machine as DevMgr TSMgr if it is installed on the same machine as DevMgr. The resolution is to upgrade to the fixed version as described below or later version of DevMgr 8.6.2-02 or later. RepMgr and TSMgr will be corrected by upgrading DevMgr.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-08-09
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVSS Score
9.4
EPSS Score
0.013
Published
2019-08-09
A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-09
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVSS Score
9.4
EPSS Score
0.006
Published
2019-08-09
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-08-09
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVSS Score
9.4
EPSS Score
0.013
Published
2019-08-09
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-08-01
Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1
CVSS Score
4.6
EPSS Score
0.003
Published
2019-07-25
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
CVSS Score
4.6
EPSS Score
0.003
Published
2019-07-24