CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 1CVE-2016-4372 – HPE < 7.2 - Java Deserialization
https://notcve.org/view.php?id=CVE-2016-4372
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. HPE iMC PLAT en versiones anteriores a 7.2 E0403P04, iMC EAD en versiones anteriores a 7.2 E0405P05, iMC APM en versiones anteriores a 7.2 E0401P04, iMC NTA en versiones anteriores a 7.2 E0401P01, iMC BIMS en versiones anteriores a7.2 E0402P02 y iMC UAM_TAM en versiones anteriores a 7.2 E0405P05 permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • https://www.exploit-db.com/exploits/42756 http://www.securityfocus.com/bid/91739 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05200601 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 90%CPEs: 2EXPL: 0CVE-2014-2618 – Hewlett-Packard Intelligent Management Center BIMS UploadServlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-2618
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) anterior a 7.0 E02020P03 y Branch Intelligent Management System (BIMS) anterior a 7.0 E0201P02 permite a atacantes remotos obtener información sensible a través de vectores desconocidos, también conocido como ZDI-CAN-2080. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. This servlet contains a directory traversal issue which allows any file readable by SYSTEM to be disclosed. • http://www.securityfocus.com/bid/68540 http://www.securitytracker.com/id/1030568 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484 •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2014-2620 – Hewlett-Packard Intelligent Management Center FaultDownloadServlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-2620
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) anterior a 7.0 E02020P03 y Branch Intelligent Management System (BIMS) anterior a 7.0 E0201P02 permite a atacantes remotos obtener información sensible a través de vectores desconocidos, también conocido como ZDI-CAN-2089. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FaultDownloadServlet servlet. This servlet contains a directory traversal issue which allows any file readable by SYSTEM to be disclosed. • http://www.securityfocus.com/bid/68544 http://www.securitytracker.com/id/1030568 https://exchange.xforce.ibmcloud.com/vulnerabilities/94490 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484 •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2014-2621 – Hewlett-Packard Intelligent Management Center IctDownloadServlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-2621
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) anterior a 7.0 E02020P03 y Branch Intelligent Management System (BIMS) anterior a 7.0 E0201P02 permite a atacantes remotos obtener información sensible a través de vectores desconocidos, también conocido como ZDI-CAN-2090. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IctDownloadServlet servlet. This servlet contains a directory traversal issue which allows any file readable by SYSTEM to be disclosed. • http://www.securityfocus.com/bid/68546 http://www.securitytracker.com/id/1030568 https://exchange.xforce.ibmcloud.com/vulnerabilities/94491 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484 •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2014-2619 – Hewlett-Packard Intelligent Management Center SyslogDownloadServlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-2619
Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088. Vulnerabilidad no especificada en HP Intelligent Management Center (iMC) anterior a 7.0 E02020P03 y Branch Intelligent Management System (BIMS) anterior a 7.0 E0201P02 permite a atacantes remotos obtener información sensible a través de vectores desconocidos, también conocido como ZDI-CAN-2088. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SyslogDownloadServlet servlet. This servlet contains a directory traversal issue which allows any file readable by SYSTEM to be disclosed. • http://www.securityfocus.com/bid/68543 http://www.securitytracker.com/id/1030568 https://exchange.xforce.ibmcloud.com/vulnerabilities/94489 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484 •