Vulnerabilities > HPE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-23701 | Injection vulnerability in HPE Integrated Lights-Out A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. | 5.3 |
| 2022-02-04 | CVE-2021-29218 | Unquoted Search Path or Element vulnerability in HPE products A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. | 6.7 |
| 2021-11-01 | CVE-2021-29213 | Unspecified vulnerability in HPE products A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. | 6.7 |
| 2021-10-19 | CVE-2021-26589 | Incorrect Permission Assignment for Critical Resource vulnerability in HPE products A potential security vulnerability has been identified in HPE Superdome Flex Servers. | 6.1 |
| 2021-09-27 | CVE-2021-26587 | Cross-site Scripting vulnerability in HPE products A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. | 6.5 |
| 2021-06-24 | CVE-2021-26585 | Unspecified vulnerability in HPE Oneview Global Dashboard 2.31 A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. | 5.5 |
| 2021-04-01 | CVE-2021-26581 | Unspecified vulnerability in HPE Superdome Flex Server Firmware 3.20.186/3.20.206/3.25.46 A potential security vulnerability has been identified in HPE Superdome Flex server. | 6.5 |
| 2021-04-01 | CVE-2021-26580 | Cross-site Scripting vulnerability in HPE Integrated Lights-Out Amplifier 1.80 A potential security vulnerability has been identified in HPE iLO Amplifier Pack. | 6.1 |
| 2021-03-30 | CVE-2021-26579 | Use of Hard-coded Credentials vulnerability in HPE Unified Data Management 1.2009.0/1.2101.0 A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). | 5.5 |
| 2021-02-09 | CVE-2021-22267 | Authentication Bypass by Capture-replay vulnerability in HPE web Viewpoint Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H). | 5.9 |