
CVE-2020-11853 – Arbitrary code execution vulnerability on multiple Micro Focus products
https://notcve.org/view.php?id=CVE-2020-11853
22 Oct 2020 — Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions: 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) • https://packetstorm.news/files/id/161182 •

CVE-2017-14350 – Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-14350
26 Sep 2017 — A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. This vulnerability allows remote attackers to execute arbitrar... • http://www.securityfocus.com/bid/100988 • CWE-306: Missing Authentication for Critical Function •

CVE-2017-13984 – Hewlett Packard Enterprise Application Performance Management System Health SHExportToExcel Servlet Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-13984
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to delete arbitrary files via servlet directory traversal. This vulnerability allows remote attackers to delete a... • http://www.zerodayinitiative.com/advisories/ZDI-17-720 • CWE-287: Improper Authentication •

CVE-2017-13982 – Hewlett Packard Enterprise Application Performance Management System Health UploadManager Servlet Directory Traversal Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2017-13982
07 Sep 2017 — A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows users to upload unrestricted files. This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise ... • http://www.securityfocus.com/bid/101199 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2017-13983 – Hewlett Packard Enterprise Application Performance Management System Health Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2017-13983
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to bypass authentication. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Applicati... • http://www.zerodayinitiative.com/advisories/ZDI-17-722 • CWE-287: Improper Authentication •

CVE-2017-13985 – Hewlett Packard Enterprise Application Performance Management System Health Email Servlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-13985
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to traverse directories, leading to disclosure of information. This vulnerability allows remote attackers to disclose ... • http://zerodayinitiative.com/advisories/ZDI-17-721 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2016-4372 – HPE < 7.2 - Java Deserialization
https://notcve.org/view.php?id=CVE-2016-4372
12 Jul 2016 — HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. • https://www.exploit-db.com/exploits/42756 • CWE-20: Improper Input Validation •