This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 2012-08-07
Product Network Node Manager I Last view 2016-05-07
Version 9.20 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:hp:network_node_manager_i

Activity : Overall

Related : CVE

  Date Alert Description
8.1 2016-05-07 CVE-2016-2014

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

6.5 2016-05-07 CVE-2016-2013

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.5 2016-05-07 CVE-2016-2012

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

5.4 2016-05-07 CVE-2016-2011

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

5.4 2016-05-07 CVE-2016-2010

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

8.8 2016-05-07 CVE-2016-2009

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

10 2014-09-10 CVE-2014-2624

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.

4.3 2014-05-09 CVE-2013-6220

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

10 2014-04-19 CVE-2013-6218

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

7.5 2013-07-13 CVE-2013-2351

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

4.3 2013-02-06 CVE-2012-3279

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

10 2012-12-06 CVE-2012-3275

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors.

5 2012-10-04 CVE-2012-3267

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.

4.3 2012-08-07 CVE-2012-2022

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
55% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
22% (2) CWE-284 Access Control (Authorization) Issues
11% (1) CWE-287 Improper Authentication
11% (1) CWE-200 Information Exposure

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0136 HP Network Node Manager i Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0054317
2013-B-0073 HP Network Node Manager i (NNMi) Unauthorized Access Vulnerability
Severity: Category I - VMSKEY: V0039335
2012-B-0125 HP Network Node Manager i Remote Unauthorized Access Vulnerability
Severity: Category I - VMSKEY: V0035496
2012-B-0101 HP Network Node Manager i (NNMi) Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0034185
2012-B-0074 Multiple Cross-Site Scripting Vulnerabilities in HP Network Node Manager i (N...
Severity: Category I - VMSKEY: V0033555

Snort® IPS/IDS

Date Description
2015-01-13 HP Network Node Manager ovopi.dll command 685 insecure pointer dereference at...
RuleID : 32729 - Type : POLICY-OTHER - Revision : 3
2015-01-06 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32628 - Type : SERVER-OTHER - Revision : 3
2014-12-16 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32530 - Type : SERVER-OTHER - Revision : 3
2014-12-09 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32403 - Type : SERVER-OTHER - Revision : 3
2014-12-04 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32371 - Type : SERVER-OTHER - Revision : 4
2014-11-16 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32085 - Type : SERVER-OTHER - Revision : 4
2014-11-16 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32084 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

id Description
2014-12-08 Name: The remote web server hosts an application that is affected by a cross- site ...
File: hp_nnmi_HPSBMU02798-rhel.nasl - Type: ACT_GATHER_INFO
2014-12-08 Name: The remote host is potentially affected by multiple vulnerabilities.
File: hp_nnmi_HPSBMU03035-rhel.nasl - Type: ACT_GATHER_INFO
2014-12-08 Name: The remote host is potentially affected by multiple vulnerabilities.
File: hp_nnmi_HPSBMU03035.nasl - Type: ACT_GATHER_INFO
2014-12-08 Name: The remote host is potentially affected by a remote code execution vulnerabil...
File: hp_nnmi_HPSBMU03075-rhel.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote host is potentially affected by a remote code execution vulnerabil...
File: hp_nnmi_HPSBMU03075.nasl - Type: ACT_GATHER_INFO
2013-09-26 Name: The remote web server hosts an application that is affected by a cross- site ...
File: hp_nnmi_HPSB3C02687.nasl - Type: ACT_GATHER_INFO
2013-07-17 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_43408.nasl - Type: ACT_GATHER_INFO
2012-12-19 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_42793.nasl - Type: ACT_GATHER_INFO
2012-03-06 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_42328.nasl - Type: ACT_GATHER_INFO