CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7135
https://notcve.org/view.php?id=CVE-2020-7135
A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03945en_us •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7134
https://notcve.org/view.php?id=CVE-2020-7134
A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Se descubrió una vulnerabilidad de acceso remoto a datos confidenciales en HPE IOT + GCP versiones: 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03947en_us •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7133
https://notcve.org/view.php?id=CVE-2020-7133
A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Se detectó una vulnerabilidad de acceso remoto no autorizado en HPE IOT + GCP versiones: 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03947en_us •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7131
https://notcve.org/view.php?id=CVE-2020-7131
This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03996en_us • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7132
https://notcve.org/view.php?id=CVE-2020-7132
A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows). Ha sido identificado una posible vulnerabilidad de seguridad en HPE Onboard Administrator. La vulnerabilidad podría ser explotada remotamente para permitir un ataque de tipo Cross Site Scripting Reflejado. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03988en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03988en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •