Vulnerabilities > HP > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-31 | CVE-2017-14356 | SQL Injection vulnerability in HP products An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. | 9.8 |
| 2017-10-11 | CVE-2017-5791 | Improper Authentication vulnerability in HP Intelligent Management Center Plat 7.2 The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | 9.8 |
| 2017-10-11 | CVE-2017-5789 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP Loadrunner and Performance Center HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-10-10 | CVE-2017-8994 | Improper Input Validation vulnerability in HP Operations Orchestration A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. | 9.8 |
| 2017-09-30 | CVE-2017-14351 | Unspecified vulnerability in HP Ucmdb Configuration Manager A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. | 9.8 |
| 2017-09-30 | CVE-2017-14350 | Missing Authentication for Critical Function vulnerability in HP Application Performance Management 9.26/9.30/9.40 A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. | 9.8 |
| 2017-09-30 | CVE-2017-14349 | Improper Privilege Management vulnerability in HP Sitescope An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | 9.8 |
| 2017-09-30 | CVE-2017-13983 | Improper Authentication vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | 9.8 |
| 2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | 9.8 |
| 2016-09-16 | CVE-2016-2182 | Out-of-bounds Write vulnerability in multiple products The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | 9.8 |