CVE-2017-8994 – Hewlett Packard Enterprise Operations Orchestration Backwards Compatibility Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8994
A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. Una vulnerabilidad de validación de entradas en el producto HPE Operations Orchestration en todas las versiones anteriores a 10.80 permite la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wsExecutionBridgeService servlet. The issue lies in the failure to properly validate user-supplied data, which can result in the deserialization of untrusted data. • http://www.securityfocus.com/bid/100588 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us https://www.tenable.com/security/research/tra-2017-25 https://www.tenable.com/security/research/tra-2017-28 • CWE-20: Improper Input Validation •
CVE-2016-8519 – Hewlett Packard Enterprise Operations Orchestration Backwards Compatibility Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8519
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Operations Orchestration en las ediciones Community y Enterprise anteriores a v10.70. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wsExecutionBridgeService servlet. The issue lies in the failure to properly validate user-supplied data which can result in deserialization of untrusted data. • http://www.securityfocus.com/bid/95225 http://www.securitytracker.com/id/1037552 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05361944 https://www.tenable.com/security/research/tra-2017-05 • CWE-502: Deserialization of Untrusted Data •
CVE-2015-5451
https://notcve.org/view.php?id=CVE-2015-5451
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en HP Operations Orchestration Central 10.x en versiones anteriores a 10.22.001 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://www.securitytracker.com/id/1034177 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04894110 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-6191 – HP Operations Orchestration Central 9.06 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6191
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en HP Operations Orchestration anterior a la versión 9 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores no especificados. HP Operations Orchestration Central version 9.06 suffers from multiple cross site scripting vulnerabilities. • http://www.securitytracker.com/id/1029496 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04041093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6192 – HP Operations Orchestration Central 9.06 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6192
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en HP Operations Orchestration anterior a la versión 9 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. HP Operations Orchestration Central version 9.06 suffers from multiple cross site scripting vulnerabilities. • http://www.securitytracker.com/id/1029496 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04041093 • CWE-352: Cross-Site Request Forgery (CSRF) •