This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 2011-04-06
Product Network Node Manager I Last view 2018-08-06
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:hp:network_node_manager_i:9.10:*:*:*:*:*:*:* 14
cpe:2.3:a:hp:network_node_manager_i:9.20:*:*:*:*:*:*:* 14
cpe:2.3:a:hp:network_node_manager_i:9.0:*:*:*:*:*:*:* 11
cpe:2.3:a:hp:network_node_manager_i:10.00:*:*:*:*:*:*:* 11
cpe:2.3:a:hp:network_node_manager_i:9.03:*:*:*:*:*:*:* 10
cpe:2.3:a:hp:network_node_manager_i:9.02:*:*:*:*:*:*:* 10
cpe:2.3:a:hp:network_node_manager_i:9.01:*:*:*:*:*:*:* 10
cpe:2.3:a:hp:network_node_manager_i:10.01:*:*:*:*:*:*:* 7
cpe:2.3:a:hp:network_node_manager_i:9.25:*:*:*:*:*:*:* 6
cpe:2.3:a:hp:network_node_manager_i:9.24:*:*:*:*:*:*:* 6
cpe:2.3:a:hp:network_node_manager_i:9.23:*:*:*:*:*:*:* 6
cpe:2.3:a:hp:network_node_manager_i:10.10:*:*:*:*:*:*:* 5
cpe:2.3:a:hp:network_node_manager_i:8.10:*:*:*:*:*:*:* 4
cpe:2.3:a:hp:network_node_manager_i:9.00:*:*:*:*:*:*:* 4
cpe:2.3:a:hp:network_node_manager_i:8.12.004:*:*:*:*:*:*:* 3
cpe:2.3:a:hp:network_node_manager_i:8.13.005:*:*:*:*:*:*:* 3
cpe:2.3:a:hp:network_node_manager_i:8.11.002:*:*:*:*:*:*:* 3
cpe:2.3:a:hp:network_node_manager_i:8.13.006:*:*:*:*:*:*:* 3
cpe:2.3:a:hp:network_node_manager_i:10.01:patch1:*:*:*:*:*:* 3
cpe:2.3:a:hp:network_node_manager_i:10.01:patch2:*:*:*:*:*:* 3
cpe:2.3:a:hp:network_node_manager_i:9.0.0:*:*:*:*:*:*:* 2
cpe:2.3:a:hp:network_node_manager_i:8.0:*:*:*:*:*:*:* 2
cpe:2.3:a:hp:network_node_manager_i:10.20:*:*:*:*:*:*:* 2
cpe:2.3:a:hp:network_node_manager_i:8.11:*:*:*:*:*:*:* 1
cpe:2.3:a:hp:network_node_manager_i:8.12:*:*:*:*:*:*:* 1
cpe:2.3:a:hp:network_node_manager_i:8.13:*:*:*:*:*:*:* 1
cpe:2.3:a:hp:network_node_manager_i:10.21:*:*:*:*:*:*:* 1

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.4 2018-08-06 CVE-2016-4400

A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).

5.4 2018-08-06 CVE-2016-4399

A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).

8.8 2018-08-06 CVE-2016-4398

A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.

7.8 2018-08-06 CVE-2016-4397

A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software.

9.8 2018-02-15 CVE-2017-8948

A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

8.1 2016-05-07 CVE-2016-2014

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

6.5 2016-05-07 CVE-2016-2013

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.5 2016-05-07 CVE-2016-2012

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

5.4 2016-05-07 CVE-2016-2011

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

5.4 2016-05-07 CVE-2016-2010

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

8.8 2016-05-07 CVE-2016-2009

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

10 2014-09-10 CVE-2014-2624

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.

4.3 2014-05-09 CVE-2013-6220

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

10 2014-04-19 CVE-2013-6218

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

5 2013-07-29 CVE-2011-1483

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.

7.5 2013-07-13 CVE-2013-2351

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

4.3 2013-02-06 CVE-2012-3279

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

10 2012-12-06 CVE-2012-3275

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors.

5 2012-10-04 CVE-2012-3267

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors.

4.3 2012-09-20 CVE-2011-5184

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156.

4.3 2012-08-07 CVE-2012-2022

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 2012-07-05 CVE-2012-2018

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 2011-11-16 CVE-2011-4156

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.

4.3 2011-11-16 CVE-2011-4155

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.

4.3 2011-05-13 CVE-2011-1855

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors.

CWE : Common Weakness Enumeration

%idName
66% (12) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
11% (2) CWE-284 Access Control (Authorization) Issues
5% (1) CWE-502 Deserialization of Untrusted Data
5% (1) CWE-287 Improper Authentication
5% (1) CWE-200 Information Exposure
5% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
76963 HP Network Node Manager i Unspecified XSS (2011-4156)
76962 HP Network Node Manager i Unspecified XSS (2011-4155)
75613 JBoss Multiple Product Web Services Native DTD Parsing Remote DoS
73162 HP Network Node Manager i (NNMi) Unspecified Local Log File Access
71967 HP Network Node Manager i (NNMi) Unspecified Remote Access Restriction Bypass
71831 HP Network Node Manager i Unspecified XSS
71830 HP Network Node Manager i Unspecified Local Unauthorized Access
71585 HP Network Node Manager i (NNMi) Unspecified Remote Information Disclosure

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0136 HP Network Node Manager i Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0054317
2013-B-0073 HP Network Node Manager i (NNMi) Unauthorized Access Vulnerability
Severity: Category I - VMSKEY: V0039335
2012-B-0125 HP Network Node Manager i Remote Unauthorized Access Vulnerability
Severity: Category I - VMSKEY: V0035496
2012-B-0101 HP Network Node Manager i (NNMi) Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0034185
2012-B-0074 Multiple Cross-Site Scripting Vulnerabilities in HP Network Node Manager i (N...
Severity: Category I - VMSKEY: V0033555
2011-B-0119 Multiple Red Hat JBoss Products Remote Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0030272

Snort® IPS/IDS

Date Description
2015-01-13 HP Network Node Manager ovopi.dll command 685 insecure pointer dereference at...
RuleID : 32729 - Type : POLICY-OTHER - Revision : 3
2015-01-06 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32628 - Type : SERVER-OTHER - Revision : 3
2014-12-16 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32530 - Type : SERVER-OTHER - Revision : 3
2014-12-09 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32403 - Type : SERVER-OTHER - Revision : 3
2014-12-04 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32371 - Type : SERVER-OTHER - Revision : 4
2014-11-16 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32085 - Type : SERVER-OTHER - Revision : 4
2014-11-16 HP Network Node Manager ovopi.dll buffer overflow attempt
RuleID : 32084 - Type : SERVER-OTHER - Revision : 4
2014-01-10 HP Network Node Manager cross site scripting attempt
RuleID : 20845 - Type : SERVER-WEBAPP - Revision : 9

Nessus® Vulnerability Scanner

id Description
2017-07-07 Name: An application installed on the remote Windows host is affected by multiple v...
File: hp_nnmi_HPESBGN03762.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: An application installed on the remote Linux host is affected by multiple vul...
File: hp_nnmi_HPESBGN03762-rhel.nasl - Type: ACT_GATHER_INFO
2017-06-19 Name: An application installed on the remote Windows host is affected by multiple v...
File: hp_intelligent_management_center_7_3_e0504p04.nasl - Type: ACT_GATHER_INFO
2017-06-19 Name: An application installed on the remote Windows host is affected by multiple v...
File: hp_imc_73_e0504p04.nasl - Type: ACT_GATHER_INFO
2016-11-17 Name: A web management application running on the remote host is affected by multip...
File: hp_nnmi_console_10_10.nasl - Type: ACT_GATHER_INFO
2014-12-08 Name: The remote web server hosts an application that is affected by a cross- site ...
File: hp_nnmi_HPSBMU02798-rhel.nasl - Type: ACT_GATHER_INFO
2014-12-08 Name: The remote host is potentially affected by a remote code execution vulnerabil...
File: hp_nnmi_HPSBMU03075-rhel.nasl - Type: ACT_GATHER_INFO
2014-12-08 Name: The remote host is potentially affected by multiple vulnerabilities.
File: hp_nnmi_HPSBMU03035.nasl - Type: ACT_GATHER_INFO
2014-12-08 Name: The remote host is potentially affected by multiple vulnerabilities.
File: hp_nnmi_HPSBMU03035-rhel.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote host is potentially affected by a remote code execution vulnerabil...
File: hp_nnmi_HPSBMU03075.nasl - Type: ACT_GATHER_INFO
2013-09-26 Name: The remote web server hosts an application that is affected by a cross- site ...
File: hp_nnmi_HPSB3C02687.nasl - Type: ACT_GATHER_INFO
2013-07-17 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_43408.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-1309.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2011-1306.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2011-1301.nasl - Type: ACT_GATHER_INFO
2012-12-19 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_42793.nasl - Type: ACT_GATHER_INFO
2012-03-06 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_42328.nasl - Type: ACT_GATHER_INFO
2012-03-06 Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHSS_41983.nasl - Type: ACT_GATHER_INFO