CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-3493
https://notcve.org/view.php?id=CVE-2019-3493
29 Apr 2019 — A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. Se ha identificado una potencial vulnerabilidad de seguridad en las versiones de Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 20... • https://softwaresupport.softwaregrp.com/doc/KM03407763 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6492 – MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6492
10 May 2018 — Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. Cross-Site Scripting (XSS) persistente e inyección HTML no persistente en HP Network Operations Management Ultimate, versiones 2017.07, 2017.11 y 2018.02 y e... • http://www.securityfocus.com/bid/104131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6493 – MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6493
10 May 2018 — SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. Inyección SQL en HP Network Operations Management Ultimate, versiones 2017.07, 2017.11 y 2018.02 y en Network Automation, versiones 10.00, 10.10, 10.11, 10.20, 10.30, 10.40 y 10.50. La vulnerabilidad se podría explotar de forma remota para permitir una iny... • http://www.securityfocus.com/bid/104131 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 13%CPEs: 11EXPL: 0CVE-2017-5810 – Hewlett Packard Enterprise Network Automation RedirectServlet SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5810
05 May 2017 — A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de inyección SQL remota en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RedirectServlet component. Th... • http://www.securityfocus.com/bid/98331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 14%CPEs: 11EXPL: 0CVE-2017-5811 – Hewlett Packard Enterprise Network Automation TrueControl Management Engine Service FileServlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-5811
05 May 2017 — A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileServlet se... • http://www.securityfocus.com/bid/98331 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 6%CPEs: 11EXPL: 0CVE-2017-5812 – Hewlett Packard Enterprise Network Automation PermissionFilter Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2017-5812
05 May 2017 — A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de divulgación de información sql remota en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ... • http://www.securityfocus.com/bid/98331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5813 – HPE Security Bulletin HPESBGN03740 1
https://notcve.org/view.php?id=CVE-2017-5813
05 May 2017 — A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de acceso remoto no autenticado en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and inval... • http://www.securityfocus.com/bid/98331 •
CVSS: 10.0EPSS: 37%CPEs: 11EXPL: 0CVE-2017-5814 – HPE Security Bulletin HPESBGN03740 1
https://notcve.org/view.php?id=CVE-2017-5814
05 May 2017 — A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de omisión de autenticación remota de inyección SQL en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege e... • http://www.securityfocus.com/bid/98331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 20%CPEs: 12EXPL: 0CVE-2016-8511 – Hewlett Packard Enterprise Network Automation RPCServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8511
30 Nov 2016 — A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Network Automation, que emplea RPCServlet y Java Deserialization, versiones v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01 y v10.20. This vulnerability allows remote attackers to execute arbitrary code on vulnerab... • http://www.securityfocus.com/bid/94610 • CWE-502: Deserialization of Untrusted Data •