CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26579
https://notcve.org/view.php?id=CVE-2021-26579
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys. Una vulnerabilidad de seguridad en HPE Unified Data Management (UDM), podría permitir la divulgación local de información privilegiada (CWE-321: Uso de clave criptográfica enviada en un producto). HPE ha proporcionado actualizaciones a las versiones 1.2009.0 y 1.2101.0 de HPE Unified Data Management (UDM). • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04112en_us • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26578 – Hewlett Packard Enterprise Network Orchestrator uaf-token SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-26578
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection. Se ha identificado una vulnerabilidad de seguridad potencial en HPE Network Orchestrator (NetO) versiones: anteriores a 2.5. La vulnerabilidad podría ser explotada remotamente con una inyección SQL This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Network Orchestrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the connections resource. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04097en_us • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2021-22267
https://notcve.org/view.php?id=CVE-2021-22267
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H). Idelji Web ViewPoint Suite, tal como es usada en conjunto con HPE NonStop, permite un ataque de reproducción remota para T0320L01^ABP hasta T0320L01^ABZ, T0952L01^AAH hasta T0952L01^AAR, T0986L01 hasta T0986L01^AAF, T0665L01^AAP y ^AAP (L) y T0320H01^ABO hasta T0320H01^ABY, T0952H01^AAG hasta T0952H01^AAQ, T0986H01 hasta T0986H01^AAE, T0665H01^AAO y T0662H01^AAO (J y H) • https://idelji.com https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04076en_us https://techpartner.ext.hpe.com/TechPartner/PartnerDetail.xhtml?Partner=Idelji • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3191
https://notcve.org/view.php?id=CVE-2021-3191
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H). Idelji Web ViewPoint Suite, tal como es usada en conjunto con HPE NonStop, permite el acceso remoto no autorizado para T0320L01^ABY y T0320L01^ACD, T0952L01^AAR hasta T0952L01^AAX y T0986L01^AAD hasta T0986L01^AAJ (L) y T0320H01 T0320H01^ACC, T0952H01^AAQ hasta T0952H01^AAW y T0986H01^AAC hasta T0986H01^AAI (J y H) • https://idelji.com https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04081en_us https://techpartner.ext.hpe.com/TechPartner/PartnerDetail.xhtml?Partner=Idelji •
CVSS: 4.9EPSS: 0%CPEs: 30EXPL: 0CVE-2021-25141
https://notcve.org/view.php?id=CVE-2021-25141
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability. Se ha identificado una vulnerabilidad de seguridad en determinado firmware del switch HPE y Aruba L2/L3. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04082en_us •