CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2009
https://notcve.org/view.php?id=CVE-2016-2009
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00 y 10.01 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). • https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2010
https://notcve.org/view.php?id=CVE-2016-2010
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. Vulnerabilidad de XSS en HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00 y 10.01 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-2011. • http://www.securitytracker.com/id/1035767 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2011
https://notcve.org/view.php?id=CVE-2016-2011
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. Vulnerabilidad de XSS en HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00 y 10.01 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-2010. • http://www.securitytracker.com/id/1035767 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2012
https://notcve.org/view.php?id=CVE-2016-2012
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00 y 10.01 permite a atacantes remotos eludir la autenticación a través de vectores no especificados. • http://www.securitytracker.com/id/1035767 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2013
https://notcve.org/view.php?id=CVE-2016-2013
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00 y 10.01 permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www.securitytracker.com/id/1035767 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •