CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-6322
https://notcve.org/view.php?id=CVE-2019-6322
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default. HP ha econtado una vulnerabilidad de seguridad con algunas versiones de Workstation BIOS (UEFI Firmware), donde el tiempo de ejecución del código BIOS podría ser manipulado si el TPM está deshabilitado. Esta vulnerabilidad esta relacionada con Workstations cuyo TPM está habilitado por defecto. • https://support.hp.com/us-en/document/c06318199 • CWE-667: Improper Locking •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-6321
https://notcve.org/view.php?id=CVE-2019-6321
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default. HP ha encontrado una vulnerabilidad de seguridad con algunas versiones de Workstation BIOS (UEFI Firmware), donde el tiempo de ejecución del código BIOS podría ser manipulado si el TPM está deshabilitado. Esta vulnerabilidad esta relacionada con Workstatiosn cuyo TPM está deshabilitado por defecto. • https://support.hp.com/us-en/document/c06318199 • CWE-667: Improper Locking •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7120
https://notcve.org/view.php?id=CVE-2018-7120
A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. Una vulnerabilidad de seguridad en HPE Virtual Connect SE 16Gb Fibre Channel Module para HPE Synergy que ejecuta firmware 5.00.50, que forma parte del HPE Synergy Custom SPP 2018.11.20190205, podría permitir la escalada no autorizada de privilegios local o remota. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03916en_us •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-7119
https://notcve.org/view.php?id=CVE-2018-7119
A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all versions on H-series. STDSEC-STANDARD SECURITY PROD All prior versions before T6533L01^ADU or T6533H05^ADW, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND and all versions on H-series . Note that some commands in NonStop Safeguard and NonStop Standard Security software require username and password to be passed as command line parameters, which may lead to a local disclosure of the credentials. Se identificó una vulnerabilidad de Revelación de información local sensible en HPE NonStop Safeguard, versión anterior a SPR T9750L01^AIC o T9750H05^AIH, y en versiones posteriores cuando el atributo de configuración PASSWORD-PROMPT no está configurado en BLIND; todas las versiones en H-series. STDSEC-STANDARD SECURITY PROD Todas las versiones anteriores a T6533L01^ADU o T6533H05^ADW, y las versiones posteriores cuando el atributo de configuración PASSWORD-PROMPT no está configurado en BLIND y todas las versiones de la serie H . • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03910en_us •
CVSS: 10.0EPSS: 5%CPEs: 9EXPL: 0CVE-2019-11944 – Hewlett Packard Enterprise Intelligent Management Center AMF3 Externalizable Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-11944
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling AMF3 requests to the amf endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-502: Deserialization of Untrusted Data •