CVSS: 7.8EPSS: 10%CPEs: 2EXPL: 0CVE-2013-4826 – Hewlett-Packard Intelligent Management Center SOM sdFileDownload Servlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-4826
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos obtener información sensible a través de vectores desconocidos, tambien conocido como ZDI-CAN-1647 This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sdFileDownload servlet. Authentication is not required to access this servlet, which allows any file readable by SYSTEM to be disclosed. By abusing this behavior an attacker can disclose administrative credentials and possibly leverage this situation to achieve remote code execution. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0CVE-2013-4825 – Hewlett-Packard Intelligent Management Center CommonUtils Static DES/ECB Decryption Key Vulnerability
https://notcve.org/view.php?id=CVE-2013-4825
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) y HP IMC Service Operation Management Software Module permite a atacantes remotos sortear restricciones de acceso a través de vectores deconocidos, tambien conocido como ZDI-CAN-1645. This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommonUtil class. This application uses a static key and the DES algorithm in ECB mode to store Administrator credentials. • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2013-4808
https://notcve.org/view.php?id=CVE-2013-4808
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors. Vulnerabilidad sin especificar en HP Service Manager v7.11, v9.21, v9.30, y v9.31 y Service Center v6.2.8 permite a atacantes remotos obtener acceso privilegiado a través de vectores desconocidos. • http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03888320 http://secunia.com/advisories/54546 http://www.securitytracker.com/id/1028912 https://exchange.xforce.ibmcloud.com/vulnerabilities/86444 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-2337
https://notcve.org/view.php?id=CVE-2013-2337
Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en HP Service Manager 7.11, 9.21, 9.30, y 9.31, y ServiceCenter 6.2.8, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de vectores no especificados. • http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03784101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-2336
https://notcve.org/view.php?id=CVE-2013-2336
HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors. HP Service Manager 7.11, 9.21, 9.30, y 9.31, y ServiceCenter 6.2.8, permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03784101 •