Vulnerabilities > HP > Operations Agent

DATE CVE VULNERABILITY TITLE RISK
2017-05-04 CVE-2017-3733 Improper Input Validation vulnerability in multiple products
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite).
network
low complexity
openssl hp CWE-20
5.0
5.0
2014-10-19 CVE-2014-2647 Cross-Site Scripting vulnerability in HP Operations Agent
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
hp CWE-79
4.3
4.3
2014-08-12 CVE-2014-2630 Local Privilege Escalation vulnerability in HP Operations Agent 11.0
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
local
hp
4.4
4.4
2012-07-11 CVE-2012-2020 Unspecified vulnerability in HP Operations Agent
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.
network
low complexity
hp
critical
 10.0
10
2012-07-11 CVE-2012-2019 Unspecified vulnerability in HP Operations Agent
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.
network
low complexity
hp
critical
 10.0
10
2011-11-24 CVE-2011-4160 Local Unauthorized Access vulnerability in HP Operations Agent and Performance Agent
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.
local
low complexity
hp ibm linux sun
3.2
3.2
2011-07-01 CVE-2011-2608 Improper Input Validation vulnerability in HP Openview Performance Agent and Operations Agent
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
network
low complexity
hp CWE-20
6.4
6.4
2010-09-08 CVE-2010-3005 Unspecified vulnerability in HP Operations Agent 7.36/8.60
Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors.
local
low complexity
hp microsoft
6.8
6.8
2010-09-08 CVE-2010-3004 Unspecified vulnerability in HP Operations Agent 7.36/8.60
Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.
network
low complexity
hp microsoft
7.5
7.5
2010-02-09 CVE-2010-0444 Credentials Management vulnerability in HP Operations Agent 8.51/8.52/8.53
HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
hp sun CWE-255
critical
 10.0
10