cbcvebase.

Hp Operations Manager vulnerabilities

8 known vulnerabilities affecting hp/operations_manager.

Total CVEs
8
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2009-3843P2CRITICALCVSS 10.0PoCv8.102009-11-24
CVE-2009-3843 [CRITICAL] CWE-264 CVE-2009-3843: HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tom HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
nvd
CVE-2010-1033P3CRITICALCVSS 9.3PoCv7.5v8.10+1 more2010-04-21
CVE-2010-1033 [CRITICAL] CWE-119 CVE-2010-1033: Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manage Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.
nvd
CVE-2009-3099P3CRITICALCVSS 10.0PoCv8.12009-09-08
CVE-2009-3099 [CRITICAL] CVE-2009-3099: Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows re Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information
nvd
CVE-2016-1985P2CRITICALCVSS 10.0v8.1v8.10+2 more2016-01-30
CVE-2016-1985 [CRITICAL] CWE-94 CVE-2016-1985: HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
nvd
CVE-2016-4373P2CRITICALCVSS 9.8≤ 9.21.120v9.20.02016-08-01
CVE-2016-4373 [CRITICAL] CWE-284 CVE-2016-4373: The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
nvd
CVE-2014-2648P2CRITICALCVSS 10.0v9.10v9.112014-10-10
CVE-2014-2648 [CRITICAL] CVE-2014-2648: Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2014-2649P3HIGHCVSS 7.5v9.202014-10-10
CVE-2014-2649 [HIGH] CVE-2014-2649: Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute a Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2016-4380P4MEDIUMCVSS 5.4≤ 9.212016-09-08
CVE-2016-4380 [MEDIUM] CWE-79 CVE-2016-4380: Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21 Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
Hp Operations Manager vulnerabilities | cvebase