Vulnerabilities > HP > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-20 | CVE-2016-2002 | Command Injection vulnerability in HP Vertica The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. | 9.8 |
| 2016-04-05 | CVE-2016-2000 | Data Processing Errors vulnerability in HP products HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2016-03-22 | CVE-2016-1998 | Improper Input Validation vulnerability in HP Service Manager HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-03-22 | CVE-2016-1997 | Improper Input Validation vulnerability in HP products HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-03-19 | CVE-2016-2245 | Improper Authentication vulnerability in HP Support Assistant 8.1.40.3 HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. | 9.8 |
| 2016-03-18 | CVE-2016-1995 | Unspecified vulnerability in HP System Management Homepage HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2016-03-15 | CVE-2016-1989 | Unspecified vulnerability in HP Network Automation HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988. | 9.8 |
| 2016-03-15 | CVE-2016-1988 | Unspecified vulnerability in HP Network Automation HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989. | 9.8 |
| 2016-02-12 | CVE-2016-1986 | Code Injection vulnerability in HP Continuous Delivery Automation 1.3.0 HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
| 2016-01-30 | CVE-2016-1985 | Code Injection vulnerability in HP Operations Manager HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 10.0 |