CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5374 – Hewlett Packard Enterprise Intelligent Management Center operatorGroupTreeSelectContent Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5374
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the operatorGroupTreeSelectContent.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5375 – Hewlett Packard Enterprise Intelligent Management Center ictExpertDownload Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5375
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the ictExpertDownload.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5377 – Hewlett Packard Enterprise Intelligent Management Center sshConfig Expression Language Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-5377
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Se ha identificado una vulnerabilidad de ejecución remota de código en HPE Intelligent Management Center (IMC) PLAT en versiones anteriores a 7.3 E0506P09. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the beanName parameter provided to the sshConfig.xhtml endpoint. When parsing the beanName parameter, the process does not properly validate a user-supplied string before using it to render a page. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2752
https://notcve.org/view.php?id=CVE-2017-2752
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. Se ha identificado una potencial vulnerabilidad de seguridad provocada por la completa ofuscación de la información de configuración de la aplicación en la aplicación de Android Tommy Hilfiger TH24/7, en versiones 2.0.0.11, 2.0.1.14, 2.1.0.16 y 2.2.0.19. HP no tiene acceso a los datos del cliente como consecuencia de este problema. • https://support.hp.com/us-en/document/c05904705 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2748
https://notcve.org/view.php?id=CVE-2017-2748
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. Se ha identificado una potencial vulnerabilidad de seguridad provocada por el uso de transacciones inseguras (http) durante el inicio de sesión en versiones antiguas de la aplicación móvil "Smartwatch", de Isaac Mizrahi. HP no tiene acceso a los datos del cliente como consecuencia de este problema. • https://support.hp.com/us-en/document/c05976868 • CWE-254: 7PK - Security Features •