CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2018-7092 – Hewlett Packard Enterprise Intelligent Management Center TFTP deleteBaseCfgfile Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2018-7092
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. Se ha identificado una potencial vulnerabilidad de seguridad en HPE Intelligent Management Center (IMC Plat) 7.3 E0506P09. La vulnerabilidad podría explotarse remotamente para permitir el salto de directorio remoto que conduce a la eliminación de archivos arbitrarios. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. • http://www.securitytracker.com/id/1041412 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03872en_us • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8988
https://notcve.org/view.php?id=CVE-2017-8988
A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX). Se ha identificado una vulnerabilidad de omisión remota de restricciones de seguridad en HPE XP Command View Advanced Edition en versiones anteriores a la 8.5.3-00. La vulnerabilidad afecta a DevMgr en versiones anteriores a la 8.5.3-00 (para Windows y Linux), RepMgr en versiones anteriores a la 8.5.3-00 (para Windows y Linux) y HDLM en versiones anteriores a la 8.5.3-00 (para Windows, Linux, Solaris y AIX). • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03822en_us •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8991
https://notcve.org/view.php?id=CVE-2017-8991
HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. HPE ha identificado una vulnerabilidad Cross-Site Scripting (XSS) en HPE CentralView Fraud Risk Management en versiones anteriores a la CV 6.1. El problema se ha resuelto en HF16 para HPE CV 6.1 o posteriores. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7059
https://notcve.org/view.php?id=CVE-2018-7059
Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission. Aruba ClearPass en versiones anteriores a la 6.6.9 tiene una vulnerabilidad en la API que ayuda a coordinar acciones del clúster. Un usuario autenticado con el permiso "mon" podría emplear esta vulnerabilidad para obtener credenciales del clúster, lo que podría permitir el escalado de privilegios. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7075
https://notcve.org/view.php?id=CVE-2018-7075
A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) remoto en HPE Intelligent Management Center (iMC) PLAT en versiones 7.3 (E0506). La vulnerabilidad ha sido resuelta en Intelligent Management Center PLAT 7.3 E0605P04 o siguientes. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03863en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •