Vulnerabilities > HPE

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-28619 Unspecified vulnerability in HPE Control Repository Manager
A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager.
local
low complexity
hpe
4.6
2022-06-24 CVE-2022-28620 Improper Authentication vulnerability in HPE products
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27.
network
low complexity
hpe CWE-287
7.5
2022-05-20 CVE-2022-28618 Command Injection vulnerability in HPE Nimbleos
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance.
network
low complexity
hpe CWE-77
7.5
2022-05-09 CVE-2022-23705 Incorrect Authorization vulnerability in HPE Nimbleos
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array.
network
low complexity
hpe CWE-863
5.0
2022-04-12 CVE-2021-41004 Unspecified vulnerability in HPE products
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
network
low complexity
hpe
7.8
2022-04-12 CVE-2021-41005 Unspecified vulnerability in HPE products
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
network
low complexity
hpe
6.8
2022-04-12 CVE-2022-23702 Improper Privilege Management vulnerability in HPE products
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers.
local
low complexity
hpe CWE-269
4.6
2022-04-12 CVE-2022-23703 Unspecified vulnerability in HPE Nimbleos
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update.
network
low complexity
hpe
5.0
2022-03-02 CVE-2021-41000 Command Injection vulnerability in HPE Arubaos-Cx
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below.
network
low complexity
hpe CWE-77
critical
9.0
2022-03-02 CVE-2021-41001 Command Injection vulnerability in HPE Arubaos-Cx
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below.
network
low complexity
hpe CWE-77
critical
9.0