CVSS: 10.0EPSS: 26%CPEs: 1EXPL: 0CVE-2020-7136
https://notcve.org/view.php?id=CVE-2020-7136
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). Una vulnerabilidad de seguridad en HPE Smart Update Manager (SUM) anterior a la versión 8.5.6, podría permitir un acceso remoto no autorizado. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03997en_us •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-12002
https://notcve.org/view.php?id=CVE-2019-12002
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. Se ha detectado una vulnerabilidad de reutilización de sesión remota conllevando a una omisión de la restricción de acceso en HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage versiones: GL225P001 y anteriores; GL225P001 y anteriores; VE270R001-01 y anteriores; GL225P001 y anteriores; VL270R001-01 y anteriores; VL270R001-01 y anteriores. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2019-12001
https://notcve.org/view.php?id=CVE-2019-12001
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. Se detectó una vulnerabilidad de reutilización de sesión remota que conllevó a omitir una restricción de acceso en HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage versiones: GL225P001 y anteriores; GL225P001 y anteriores; VE270R001-01 y anteriores; GL225P001 y anteriores; VL270R001-01 y anteriores; VL270R001-01 y anteriores. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03940en_us • CWE-613: Insufficient Session Expiration •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11999
https://notcve.org/view.php?id=CVE-2019-11999
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates. Se han identificado potenciales vulnerabilidades de seguridad en HPE OpenCall Media Platform (OCMP), resultando en una descarga de archivos arbitraria remota y una vulnerabilidad de tipo cross site scripting. HPE ha puesto a disposición las siguientes actualizaciones para resolver la vulnerabilidad en las versiones afectadas de OCMP. * Para OCMP versión 4.4.X - por favor, actualice al OCMP versión 4.4.8 y luego instale RP806 * Para OCMP versión 4.5.x por favor, contacte a Soporte Técnico de HPE para obtener las actualizaciones de software necesarias. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03984en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11998
https://notcve.org/view.php?id=CVE-2019-11998
HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us • CWE-20: Improper Input Validation •