Summary
| Detail | |||
|---|---|---|---|
| Vendor | Hp | First view | 2012-08-07 |
| Product | Network Node Manager I | Last view | 2016-05-07 |
| Version | 9.20 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:hp:network_node_manager_i | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.1 | 2016-05-07 | CVE-2016-2014 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. |
| 6.5 | 2016-05-07 | CVE-2016-2013 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| 6.5 | 2016-05-07 | CVE-2016-2012 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. |
| 5.4 | 2016-05-07 | CVE-2016-2011 | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. |
| 5.4 | 2016-05-07 | CVE-2016-2010 | Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011. |
| 8.8 | 2016-05-07 | CVE-2016-2009 | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. |
| 10 | 2014-09-10 | CVE-2014-2624 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264. |
| 4.3 | 2014-05-09 | CVE-2013-6220 | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 10 | 2014-04-19 | CVE-2013-6218 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. |
| 7.5 | 2013-07-13 | CVE-2013-2351 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. |
| 4.3 | 2013-02-06 | CVE-2012-3279 | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 10 | 2012-12-06 | CVE-2012-3275 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors. |
| 5 | 2012-10-04 | CVE-2012-3267 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors. |
| 4.3 | 2012-08-07 | CVE-2012-2022 | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 55% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 22% (2) | CWE-284 | Access Control (Authorization) Issues |
| 11% (1) | CWE-287 | Improper Authentication |
| 11% (1) | CWE-200 | Information Exposure |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2014-A-0136 | HP Network Node Manager i Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0054317 |
| 2013-B-0073 | HP Network Node Manager i (NNMi) Unauthorized Access Vulnerability Severity: Category I - VMSKEY: V0039335 |
| 2012-B-0125 | HP Network Node Manager i Remote Unauthorized Access Vulnerability Severity: Category I - VMSKEY: V0035496 |
| 2012-B-0101 | HP Network Node Manager i (NNMi) Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0034185 |
| 2012-B-0074 | Multiple Cross-Site Scripting Vulnerabilities in HP Network Node Manager i (N... Severity: Category I - VMSKEY: V0033555 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-01-13 | HP Network Node Manager ovopi.dll command 685 insecure pointer dereference at... RuleID : 32729 - Type : POLICY-OTHER - Revision : 3 |
| 2015-01-06 | HP Network Node Manager ovopi.dll buffer overflow attempt RuleID : 32628 - Type : SERVER-OTHER - Revision : 3 |
| 2014-12-16 | HP Network Node Manager ovopi.dll buffer overflow attempt RuleID : 32530 - Type : SERVER-OTHER - Revision : 3 |
| 2014-12-09 | HP Network Node Manager ovopi.dll buffer overflow attempt RuleID : 32403 - Type : SERVER-OTHER - Revision : 3 |
| 2014-12-04 | HP Network Node Manager ovopi.dll buffer overflow attempt RuleID : 32371 - Type : SERVER-OTHER - Revision : 4 |
| 2014-11-16 | HP Network Node Manager ovopi.dll buffer overflow attempt RuleID : 32085 - Type : SERVER-OTHER - Revision : 4 |
| 2014-11-16 | HP Network Node Manager ovopi.dll buffer overflow attempt RuleID : 32084 - Type : SERVER-OTHER - Revision : 4 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-12-08 | Name: The remote web server hosts an application that is affected by a cross- site ... File: hp_nnmi_HPSBMU02798-rhel.nasl - Type: ACT_GATHER_INFO |
| 2014-12-08 | Name: The remote host is potentially affected by multiple vulnerabilities. File: hp_nnmi_HPSBMU03035-rhel.nasl - Type: ACT_GATHER_INFO |
| 2014-12-08 | Name: The remote host is potentially affected by multiple vulnerabilities. File: hp_nnmi_HPSBMU03035.nasl - Type: ACT_GATHER_INFO |
| 2014-12-08 | Name: The remote host is potentially affected by a remote code execution vulnerabil... File: hp_nnmi_HPSBMU03075-rhel.nasl - Type: ACT_GATHER_INFO |
| 2014-09-17 | Name: The remote host is potentially affected by a remote code execution vulnerabil... File: hp_nnmi_HPSBMU03075.nasl - Type: ACT_GATHER_INFO |
| 2013-09-26 | Name: The remote web server hosts an application that is affected by a cross- site ... File: hp_nnmi_HPSB3C02687.nasl - Type: ACT_GATHER_INFO |
| 2013-07-17 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_43408.nasl - Type: ACT_GATHER_INFO |
| 2012-12-19 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_42793.nasl - Type: ACT_GATHER_INFO |
| 2012-03-06 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_42328.nasl - Type: ACT_GATHER_INFO |
