CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12553
https://notcve.org/view.php?id=CVE-2017-12553
A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. Se ha encontrado una vulnerabilidad de omisión de autenticación local en HPE System Management Homepage para Windows y Linux en versiones anteriores a la 7.6. • http://www.securityfocus.com/bid/101029 http://www.securitytracker.com/id/1039437 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4393
https://notcve.org/view.php?id=CVE-2016-4393
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes "remotos autenticados" obtener información sensible a través de vectores no especificados, relacionado con un problema de "XSS". • http://www.securityfocus.com/bid/93961 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4394
https://notcve.org/view.php?id=CVE-2016-4394
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes remotos obtener información sensible a través de vectores no especificados, relacionado con un problema de "HSTS". • http://www.securityfocus.com/bid/93961 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 • CWE-254: 7PK - Security Features •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2016-4395 – Hewlett Packard Enterprise System Management Homepage SetSMHData Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4395
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos, relacionado con un problema de "desbordamiento de búfer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Management Homepage. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of /proxy/SetSMHData requests. When parsing admin-group, operator-group, or user-group parameters, the process copies user-supplied data into a fixed-length stack buffer. • http://www.securityfocus.com/bid/93961 http://www.zerodayinitiative.com/advisories/ZDI-16-587 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://www.tenable.com/security/research/tra-2016-32 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2016-4396 – Hewlett Packard Enterprise System Management Homepage SSO TKN Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4396
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. HPE System Management Homepage en versiones anteriores a v7.6 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos, relacionado con un problema de "desbordamiento de búfer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise System Management Homepage. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of /proxy/sso requests. When parsing the TKN parameter, the process copies user-supplied data into a fixed-length stack buffer. • http://www.securityfocus.com/bid/93961 http://www.zerodayinitiative.com/advisories/ZDI-16-588 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://www.tenable.com/security/research/tra-2016-32 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •