
CVE-2025-37109 – HPE Telco Service Activator, Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2025-37109
31 Jul 2025 — A cross-site scripting vulnerability has been identified in the HPE Telco Service Activator product. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04887en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-37108 – HPE Telco Service Activator, Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2025-37108
31 Jul 2025 — A cross-site scripting vulnerability has been identified in the HPE Telco Service Activator product. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04887en_us&docLocale=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-37104 – HPE Telco Service Orchestrator Software, Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2025-37104
16 Jul 2025 — A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to perform a SQL Injection attack when sending a service request, and potentially exfiltrate the database's vendor name to unauthorized authenticated clients. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04875en_us&docLocale=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-37103 – Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface
https://notcve.org/view.php?id=CVE-2025-37103
08 Jul 2025 — Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of them to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US • CWE-798: Use of Hard-coded Credentials •

CVE-2025-37102 – Authenticated Command Injection Vulnerability In Instant On Command Line Interface
https://notcve.org/view.php?id=CVE-2025-37102
08 Jul 2025 — An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privileged user. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-37100 – Exposure of Sensitive Information to an Unauthorized User in HPE Aruba Networking Private 5G Core
https://notcve.org/view.php?id=CVE-2025-37100
10 Jun 2025 — A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04883en_us&docLocale=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-922: Insecure Storage of Sensitive Information •

CVE-2025-37089 – Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-37089
02 Jun 2025 — A command injection remote code execution vulnerability exists in HPE StoreOnce Software. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the setLocateBeaconOnHardware method. The issue results from the lack of proper validation of a user-suppl... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-37090 – Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2025-37090
02 Jun 2025 — A server-side request forgery vulnerability exists in HPE StoreOnce Software. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the determineInclusionAndExtract method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage thi... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-37091 – Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-37091
02 Jun 2025 — A command injection remote code execution vulnerability exists in HPE StoreOnce Software. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the doExecute method. The issue results from the lack of proper validation of a user-supplied string befor... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-37092 – Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-37092
02 Jun 2025 — A command injection remote code execution vulnerability exists in HPE StoreOnce Software. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the queryHardwareReportLocally method. The issue results from the lack of proper validation of a user-supp... • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •