Hp Network Automation vulnerabilities

CVE-2018-6493 [HIGH] CWE-89 CVE-2018-6493: SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

CVE-2018-6492 [MEDIUM] CWE-79 CVE-2018-6492: Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Manageme Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.

CVE-2016-8511 [CRITICAL] CWE-502 CVE-2016-8511: A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserializ A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.

CVE-2017-5810 [CRITICAL] CWE-89 CVE-2017-5810: A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVE-2017-5814 [CRITICAL] CWE-89 CVE-2017-5814: A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10 A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVE-2017-5811 [HIGH] CWE-200 CVE-2017-5811: A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and A remote code execution vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVE-2017-5812 [HIGH] CWE-89 CVE-2017-5812: A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0 A remote sql information disclosure vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVE-2017-5813 [MEDIUM] CVE-2017-5813: A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 1 A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVE-2016-4386 [HIGH] CVE-2016-4386: HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.

CVE-2016-4385 [HIGH] CWE-502 CVE-2016-4385: The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x be The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.

CVE-2016-1988 [CRITICAL] CVE-2016-1988: HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to exec HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.

CVE-2016-1989 [CRITICAL] CVE-2016-1989: HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to exec HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.

CVE-2014-2646 [HIGH] CWE-264 CVE-2014-2646: Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intend Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.

CVE-2011-4790 [CRITICAL] CVE-2011-4790: Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.

CVE-2011-2403 [MEDIUM] CWE-89 CVE-2011-2403: SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote a SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-2402 [MEDIUM] CWE-79 CVE-2011-2402: Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 al Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2011-1725 [MEDIUM] CWE-200 CVE-2011-1725: Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote att Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.