Vulnerabilities > HPE

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-24628 Code Injection vulnerability in HPE KVM IP Console Switch G2 Firmware
A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
network
low complexity
hpe CWE-94
6.5
2020-10-02 CVE-2020-24627 Cross-Site Scripting vulnerability in HPE KVM IP Console Switch G2 Firmware
A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.
network
hpe CWE-79
3.5
2020-09-23 CVE-2020-24626 Path Traversal vulnerability in HPE Utility Computing Service Meter 1.9
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
network
low complexity
hpe CWE-22
7.5
2020-09-23 CVE-2020-24625 Path Traversal vulnerability in HPE Utility Computing Service Meter 1.9
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
network
low complexity
hpe CWE-22
5.0
2020-09-23 CVE-2020-24624 Path Traversal vulnerability in HPE Utility Computing Service Meter 1.9
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
network
low complexity
hpe CWE-22
5.0
2020-09-18 CVE-2020-24623 SQL Injection vulnerability in HPE Universal API Framework
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework.
low complexity
hpe CWE-89
3.3
2020-07-30 CVE-2020-7205 Code Injection vulnerability in HPE products
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit.
local
low complexity
hpe CWE-94
7.2
2020-05-19 CVE-2020-7139 Information Exposure vulnerability in HPE Nimbleos
Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system.
network
low complexity
hpe CWE-200
5.5
2020-05-19 CVE-2020-7138 Improper Input Validation vulnerability in HPE Nimbleos
Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array.
network
low complexity
hpe CWE-20
6.5
2020-05-19 CVE-2020-7137 Improper Input Validation vulnerability in HPE Superdome Flex Server Firmware 3.20.186/3.20.206
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege.
local
low complexity
hpe CWE-20
4.6