Vulnerabilities > HPE

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-05-19 | CVE-2020-7138 | Improper Input Validation vulnerability in HPE Nimbleos | Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. | network | low complexity | hpe | CWE-20 | 6.5 |
| 2020-05-19 | CVE-2020-7137 | Improper Input Validation vulnerability in HPE Superdome Flex Server Firmware 3.20.186/3.20.206 | A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. | local | low complexity | hpe | CWE-20 | 4.6 |
| 2020-04-30 | CVE-2020-7136 | Unspecified vulnerability in HPE Smart Update Manager | A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. | network | low complexity | hpe | | critical 10.0 |
| 2020-04-17 | CVE-2019-12002 | Unspecified vulnerability in HPE products | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. | network | low complexity | hpe | | critical 10.0 |
| 2020-04-17 | CVE-2019-12001 | Insufficient Session Expiration vulnerability in HPE products | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. | network | high complexity | hpe | CWE-613 | 7.1 |
| 2020-04-16 | CVE-2019-11999 | Cross-site Scripting vulnerability in HPE Opencall Media Platform | Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. | network | | hpe | CWE-79 | 4.9 |
| 2020-01-16 | CVE-2019-11998 | Improper Input Validation vulnerability in HPE Superdome Flex Server Firmware | HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. | network | low complexity | hpe | CWE-20 | 5.0 |
| 2019-11-14 | CVE-2019-11137 | Improper Input Validation vulnerability in multiple products | Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | local | low complexity | intel hpe | CWE-20 | 8.2 |
| 2019-11-14 | CVE-2019-11136 | | Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | local | low complexity | intel hpe | | 6.7 |
| 2019-11-07 | CVE-2019-11996 | Unspecified vulnerability in HPE Nimbleos | Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. | network | low complexity | hpe | | critical 10.0 |