Vulnerabilities > HPE

DATE CVE VULNERABILITY TITLE RISK
2022-07-08 CVE-2022-28623 SQL Injection vulnerability in HPE Icewall SSO Certd 10.0
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection.
network
low complexity
hpe CWE-89
7.5
2022-07-08 CVE-2022-28624 Cross-site Scripting vulnerability in HPE products
A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products.
network
hpe CWE-79
3.5
2022-06-28 CVE-2022-28621 Unspecified vulnerability in HPE Nonstop Distributed Systems Management / Software Configuration Manager T6031H03^Adp
A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP.
network
low complexity
hpe
5.0
2022-06-27 CVE-2022-28622 Use of a Broken or Risky Cryptographic Algorithm vulnerability in HPE Storeonce 3640 Firmware 4.2.3/4.3.0
A potential security vulnerability has been identified in HPE StoreOnce Software.
network
low complexity
hpe CWE-327
5.0
2022-06-24 CVE-2022-28619 Unspecified vulnerability in HPE Control Repository Manager
A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager.
local
low complexity
hpe
4.6
2022-06-24 CVE-2022-28620 Improper Authentication vulnerability in HPE products
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27.
network
low complexity
hpe CWE-287
7.5
2022-05-20 CVE-2022-28618 Command Injection vulnerability in HPE Nimbleos
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance.
network
low complexity
hpe CWE-77
7.5
2022-05-09 CVE-2022-23705 Incorrect Authorization vulnerability in HPE Nimbleos
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array.
network
low complexity
hpe CWE-863
5.0
2022-04-12 CVE-2021-41004 Unspecified vulnerability in HPE products
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
network
low complexity
hpe
7.8
2022-04-12 CVE-2021-41005 Unspecified vulnerability in HPE products
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
network
low complexity
hpe
6.8