hp security advisories
35 threat alerts tracking vulnerabilities and security advisories that affect hp products.
Vulnios monitors hp CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent hp security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-4375 — hp — integrated_lights-out_3_firmware, integrated_lights-out_4_firmware
Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4)
Critical Vulnerability: CVE-2016-4373 — hp — operations_manager
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache
Critical Vulnerability: CVE-2016-4372 — hp — intelligent_management_center_application_performance_manager, intelligent_management_center_branch_intelligent_management_system
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote
Critical Vulnerability: CVE-2016-4359 — hp — loadrunner, performance_center
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Perfor
Critical Vulnerability: CVE-2016-4368 — hp — universal_cmbd_foundation, universal_cmbd_configuration_manager
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a cr
Critical Vulnerability: CVE-2016-4360 — hp — loadrunner, performance_center
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50
Critical Vulnerability: CVE-2016-2029 — hp — systems_insight_manager, matrix_operating_environment
HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358.
Critical Vulnerability: CVE-2016-2024 — hp — insight_contol, server_migration_package
HPE Insight Control before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Critical Vulnerability: CVE-2016-2018 — hp — systems_insight_manager, matrix_operating_environment
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Critical Vulnerability: CVE-2016-4366 — hp — systems_insight_manager
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Critical Vulnerability: CVE-2016-1999 — hp — release_control
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Critical Vulnerability: CVE-2016-2003 — hp — p9000_command_view_advanced_edition_software, xp7_command_view_advanced_edition_suite
HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serializ
Critical Vulnerability: CVE-2016-2004 — hp — data_protector
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnera
Critical Vulnerability: CVE-2016-2005 — hp — data_protector
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
Critical Vulnerability: CVE-2016-2008 — hp — data_protector
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
Critical Vulnerability: CVE-2016-2006 — hp — data_protector
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
Critical Vulnerability: CVE-2016-2007 — hp — data_protector
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
Critical Vulnerability: CVE-2016-1988 — hp — network_automation
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabilit
Critical Vulnerability: CVE-2016-1989 — hp — network_automation
HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerabilit
Critical Vulnerability: CVE-2016-1997 — hp — operations_orchestration, operations_orchestration_content
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to t
Critical Vulnerability: CVE-2016-2245 — hp — support_assistant
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
Critical Vulnerability: CVE-2016-1995 — hp — system_management_homepage
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
Critical Vulnerability: CVE-2016-2000 — hp — asset_manager, asset_manager_cloudsystem_chargeback
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Co
Critical Vulnerability: CVE-2016-1998 — hp — service_manager
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collectio
Critical Vulnerability: CVE-2016-1986 — hp — continuous_delivery_automation
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Critical Vulnerability: CVE-2005-2773 — hp — openview_network_node_manager
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3)
Critical Vulnerability: CVE-2017-14356 — hp — arcsight_enterprise_security_manager, arcsight_enterprise_security_manager_express
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL
Critical Vulnerability: CVE-2017-5791 — hp — intelligent_management_center_plat
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
Critical Vulnerability: CVE-2017-5789 — hp — loadrunner, performance_center
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrut
Critical Vulnerability: CVE-2017-8994 — hp — operations_orchestration
An input validation vulnerability in HPE Operations Orchestration, in all versions prior to 10.80, allows for the execution of code remotely.
Critical Vulnerability: CVE-2017-14349 — hp — sitescope
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
Critical Vulnerability: CVE-2017-14350 — hp — application_performance_management
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code e
Critical Vulnerability: CVE-2017-14351 — hp — ucmdb_configuration_manager
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow c
Critical Vulnerability: CVE-2017-13983 — hp — bsm_platform_application_performance_management_system_health
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
Critical Vulnerability: CVE-1999-1324 — hp — openvms_vax
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which ma