Vulnerabilities (CVE)

Filtered by vendor Hpe Subscribe
Total 140 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26587 1 Hpe 12 Storeonce 3620, Storeonce 3620 Firmware, Storeonce 3640 and 9 more 2024-02-04 6.0 MEDIUM 6.5 MEDIUM
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
CVE-2021-29213 1 Hpe 6 Proliant Dl20 Gen10 Server, Proliant Dl20 Gen10 Server Firmware, Proliant Microserver Gen10 Plus and 3 more 2024-02-04 7.2 HIGH 6.7 MEDIUM
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.
CVE-2021-29215 1 Hpe 2 Ezmeral Data Fabric, Tez 2024-02-04 7.5 HIGH 9.8 CRITICAL
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric.
CVE-2021-26580 1 Hpe 1 Integrated Lights-out Amplifier 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.95 or later.
CVE-2021-33895 2 Etinet, Hpe 4 Backbox E4.09, Backbox E4.09 Firmware, Backbox H4.09 and 1 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version isT0954V04^AAO. For E4.09, the affected version is 22SEP2020. Note: If your current version is E4.10-16MAY2021 (version procedure T9999V04_16MAY2022_BPAKETI_10), a hotfix (FIXPAK-19OCT-2022) is available in version E4.10-19OCT2022. Resolution to CVE-2021-33895 in version E4.11-19OCT2022
CVE-2021-26581 1 Hpe 2 Superdome Flex Server, Superdome Flex Server Firmware 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later.
CVE-2021-26585 1 Hpe 1 Oneview Global Dashboard 2024-02-04 2.1 LOW 5.5 MEDIUM
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.
CVE-2021-26579 1 Hpe 1 Unified Data Management 2024-02-04 2.1 LOW 5.5 MEDIUM
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.
CVE-2021-25129 1 Hpe 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.
CVE-2021-25135 1 Hpe 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.
CVE-2020-24623 1 Hpe 1 Universal Api Framework 2024-02-04 3.3 LOW 6.5 MEDIUM
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
CVE-2021-26570 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.
CVE-2021-25125 1 Hpe 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability.
CVE-2021-25124 1 Hpe 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability.
CVE-2021-26578 1 Hpe 1 Network Orchestrator 2024-02-04 5.0 MEDIUM 7.5 HIGH
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.
CVE-2020-24626 1 Hpe 1 Utility Computing Service Meter 2024-02-04 7.5 HIGH 9.8 CRITICAL
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
CVE-2021-26577 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.
CVE-2021-26575 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.
CVE-2021-25126 1 Hpe 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.
CVE-2021-25171 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2024-02-04 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.