CVE-2016-4371
https://notcve.org/view.php?id=CVE-2016-4371
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-2025
https://notcve.org/view.php?id=CVE-2016-2025
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. • http://www.securitytracker.com/id/1035954 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1998
https://notcve.org/view.php?id=CVE-2016-1998
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565 • CWE-20: Improper Input Validation
CVE-2014-2633
https://notcve.org/view.php?id=CVE-2014-2633
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127 http://secunia.com/advisories/60028 http://secunia.com/advisories/60714 http://www.securityfocus.com/bid/69376 http://www.securitytracker.com/id/1030756 https://exchange.xforce.ibmcloud.com/vulnerabilities/95449 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-2632
https://notcve.org/view.php?id=CVE-2014-2632
Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127 http://secunia.com/advisories/60028 http://secunia.com/advisories/60714 http://www.securityfocus.com/bid/69377 http://www.securitytracker.com/id/1030756 https://exchange.xforce.ibmcloud.com/vulnerabilities/95448