Search

Find a vulnerability

Search criteria

    2 vulnerabilities by Hewlett Packard Enterprise Co.

    JVNDB-2022-000011

    Vulnerability from jvndb - Published: 2022-02-09 15:49 - Updated:2022-02-09 15:49
    Severity
    Summary
    HPE Agentless Management registers unquoted service paths
    Details
    HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths (CWE-428). Daisuke Ota of PwC Consulting LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000011.html",
      "dc:date": "2022-02-09T15:49+09:00",
      "dcterms:issued": "2022-02-09T15:49+09:00",
      "dcterms:modified": "2022-02-09T15:49+09:00",
      "description": "HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths (CWE-428).\r\n\r\nDaisuke Ota of PwC Consulting LLC reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000011.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:agentless_management",
          "@product": "HPE Agentless Management Service",
          "@vendor": "Hewlett Packard Enterprise Co.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:proliant_agentless_management",
          "@product": "HPE ProLiant Agentless Management Service",
          "@vendor": "Hewlett Packard Enterprise Co.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "8.2",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000011",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN12969207/index.html",
          "@id": "JVN#12969207",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2021-29218",
          "@id": "CVE-2021-29218",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-29218",
          "@id": "CVE-2021-29218",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "HPE Agentless Management registers unquoted service paths"
    }

    JVNDB-2011-001632

    Vulnerability from jvndb - Published: 2011-06-29 17:55 - Updated:2016-09-08 17:05
    Severity
    N/A (UNKNOWN) - -
    Summary
    Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
    Details
    When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001632.html",
      "dc:date": "2016-09-08T17:05+09:00",
      "dcterms:issued": "2011-06-29T17:55+09:00",
      "dcterms:modified": "2016-09-08T17:05+09:00",
      "description": "When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data.",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001632.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hitachi:hitachi_web_server",
          "@product": "Hitachi Web Server",
          "@vendor": "Hitachi, Ltd",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:matrix_operating_environment",
          "@product": "HPE Matrix Operating Environment",
          "@vendor": "Hewlett Packard Enterprise Co.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HPE Systems Insight Manager",
          "@vendor": "Hewlett Packard Enterprise Co.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:hp:virtual_connect",
          "@product": "HP Virtual Connect",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-001632",
      "sec:references": [
        {
          "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html",
          "@id": "JVNDB-2009-002319",
          "@source": "JVN iPedia"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555",
          "@id": "CVE-2009-3555",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555",
          "@id": "CVE-2009-3555",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-noinfo",
          "@title": "No Mapping(CWE-noinfo)"
        }
      ],
      "title": "Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol"
    }