CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6494 – MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6494
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro sortfield en /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php o /admin/website.php. • http://www.securityfocus.com/bid/104141 http://www.securitytracker.com/id/1040902 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 48EXPL: 0CVE-2016-4371
https://notcve.org/view.php?id=CVE-2016-4371
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components. HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40 y 9.41 permite a usuarios remotos autenticados obtener información sensible, modificar datos y llevar a cabo ataques de SSRF a través de vectores no especificados, relacionado con los componentes Server, Web Client, Windows Client y Service Request. • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2025
https://notcve.org/view.php?id=CVE-2016-2025
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40 y 9.41 permite a atacantes remotos obtener información sensible a través de vectores no especificados, relacionado con los componentes Web Client, Service Request Catalog y Mobility. • http://www.securitytracker.com/id/1035954 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1998
https://notcve.org/view.php?id=CVE-2016-1998
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. HPE Service Manager (SM) 9.3x en versiones anteriores a 9.35 P4 y 9.4x en versiones anteriores a 9.41.P2 permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections. • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565 • CWE-20: Improper Input Validation •