NotCVE - vendor:"Microfocus" product:"Network Automation" version:"9.21"

8 results (0.002 seconds)

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2019-3493

https://notcve.org/view.php?id=CVE-2019-3493

29 Apr 2019 — A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. Se ha identificado una potencial vulnerabilidad de seguridad en las versiones de Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 20... • https://softwaresupport.softwaregrp.com/doc/KM03407763 •

CVSS: 10.0EPSS: 13%CPEs: 11EXPL: 0

CVE-2017-5810 – Hewlett Packard Enterprise Network Automation RedirectServlet SQL Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-5810

05 May 2017 — A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de inyección SQL remota en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RedirectServlet component. Th... • http://www.securityfocus.com/bid/98331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 14%CPEs: 11EXPL: 0

CVE-2017-5811 – Hewlett Packard Enterprise Network Automation TrueControl Management Engine Service FileServlet Directory Traversal Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2017-5811

05 May 2017 — A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileServlet se... • http://www.securityfocus.com/bid/98331 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 6%CPEs: 11EXPL: 0

CVE-2017-5812 – Hewlett Packard Enterprise Network Automation PermissionFilter Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2017-5812

05 May 2017 — A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de divulgación de información sql remota en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ... • http://www.securityfocus.com/bid/98331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2017-5813 – HPE Security Bulletin HPESBGN03740 1

https://notcve.org/view.php?id=CVE-2017-5813

05 May 2017 — A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de acceso remoto no autenticado en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and inval... • http://www.securityfocus.com/bid/98331 •

CVSS: 10.0EPSS: 37%CPEs: 11EXPL: 0

CVE-2017-5814 – HPE Security Bulletin HPESBGN03740 1

https://notcve.org/view.php?id=CVE-2017-5814

05 May 2017 — A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. Se ha encontrado una vulnerabilidad de omisión de autenticación remota de inyección SQL en HPE Network Automation 9.1x, 9.2x, 10.0x, 10.1x y 10.2x. Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege e... • http://www.securityfocus.com/bid/98331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 20%CPEs: 12EXPL: 0

CVE-2016-8511 – Hewlett Packard Enterprise Network Automation RPCServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-8511

30 Nov 2016 — A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE Network Automation, que emplea RPCServlet y Java Deserialization, versiones v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01 y v10.20. This vulnerability allows remote attackers to execute arbitrary code on vulnerab... • http://www.securityfocus.com/bid/94610 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 4%CPEs: 10EXPL: 0

CVE-2016-4385 – Hewlett Packard Enterprise Network Automation RMI Registry Deserialization of Untrusted Data Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-4385

21 Sep 2016 — The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries. El servicio RMI en HP Network Automation Software 9.1x, 9.2x, 10.0x en versiones anteriores a 10.00.02.01 y 10.1x en versiones anteriores a 10.11.00.01 permite a atacantes remotos ejecutar comandos arbitrarios a través de ... • http://www.securityfocus.com/bid/93109 • CWE-502: Deserialization of Untrusted Data •