Vulnerabilities > HP > Operations Manager > 9.21

DATE CVE VULNERABILITY TITLE RISK
2016-09-08 CVE-2016-4380 Cross-site Scripting vulnerability in HP Operations Manager 9.21
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
hp CWE-79
5.4
5.4
2016-08-01 CVE-2016-4373 Improper Access Control vulnerability in HP Operations Manager 9.20.0/9.21/9.21.120
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
hp CWE-284
critical
 9.8
9.8