This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Hp
First view: 2016-05-21
Product: System Management Homepage
Last view: 2018-02-15
Version: 7.5.5.6
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:hp:system_management_homepage

Activity : Overall

Related : CVE

  Date Alert Description
5.6 2018-02-15 CVE-2017-12553

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12552

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12551

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12550

A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12549

A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12548

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12547

A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.6 2018-02-15 CVE-2017-12546

A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

7.5 2018-02-15 CVE-2017-12545

A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

5.4 2018-02-15 CVE-2017-12544

A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

9.8 2016-05-21 CVE-2016-4543

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

CWE : Common Weakness Enumeration

% id Name
40% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (1) CWE-476 NULL Pointer Dereference
20% (1) CWE-287 Improper Authentication
20% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Snort® IPS/IDS

Date Description
2019-09-05 HPE System Management Homepage cross site scripting attempt
RuleID : 50887 - Type : SERVER-WEBAPP - Revision : 1
2019-09-05 HPE System Management Homepage cross site scripting attempt
RuleID : 50886 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2017-09-28 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_6_1.nasl - Type: ACT_GATHER_INFO
2016-12-01 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-22.nasl - Type: ACT_GATHER_INFO
2016-11-09 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_6.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO
2016-06-24 Name: The Tenable SecurityCenter application installed on the remote host is affect...
File: securitycenter_php_5_6_21.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1581-1.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3602.nasl - Type: ACT_GATHER_INFO
2016-06-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-696.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-499.nasl - Type: ACT_GATHER_INFO
2016-05-25 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2984-1.nasl - Type: ACT_GATHER_INFO
2016-05-09 Name: The remote Fedora host is missing a security update.
File: fedora_2016-f4e73663f4.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-613.nasl - Type: ACT_GATHER_INFO