Vulnerabilidades en Hewlett Packard Enterprise (HPE)

450 resultados

Análisis Vexday

O portfólio de vulnerabilidades da Hewlett Packard Enterprise (HPE) soma 450 CVEs catalogadas, com taxa de exploração ativa abaixo da média geral do catálogo — apenas 1 entrada confirmada no CISA KEV (0,22% contra 0,45% da média). Ainda assim, a CVE-2025-37164 merece atenção imediata: com EPSS de 0,8973, ela concentra a maior probabilidade de exploração observada no portfólio e é a vulnerabilidade ativamente explorada hoje. O tipo de falha mais recorrente é CWE-77 (Command Injection), o que sugere riscos elevados de execução arbitrária de comandos em ambientes afetados. Com 57 CVEs críticas, 3 com prova de conceito pública e 33 vulnerabilidades surgidas nos últimos 90 dias, equipes de segurança devem manter ciclos de patch ativos e priorizar os ativos expostos a injeção de comandos.

CVE-2026-23808MEDIUMClient Isolation Bypass via GTK ManipulationEPSS 0.3%CVE-2024-51773MEDIUMAuthenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management InterfaceEPSS 0.3%CVE-2026-23822MEDIUMUnauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of ServiceEPSS 0.3%CVE-2025-37156MEDIUMArubaOS-CX Platform-Level Denial-of-Service VulnerabilityEPSS 0.3%CVE-2026-23809MEDIUMMAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic RedirectionEPSS 0.3%CVE-2025-23057MEDIUMAuthenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management InterfaceEPSS 0.3%CVE-2025-23056MEDIUMAuthenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management InterfaceEPSS 0.3%CVE-2025-23055MEDIUMAuthenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management InterfaceEPSS 0.3%CVE-2025-37160MEDIUMAuthenticated Broken Access Control (BAC) in REST API Configuration ServiceEPSS 0.2%CVE-2026-23597MEDIUMUnauthenticated Information Disclosure in application API allows sensitive system information exposureEPSS 0.2%CVE-2026-23596MEDIUMUnauthenticated Improper Access Control in management API allows unauthorized service disruptionEPSS 0.2%CVE-2023-22791MEDIUMAruba InstantOS and ArubaOS 10 Sensitive Information DisclosureEPSS 0.2%CVE-2023-28092MEDIUMA potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system beinEPSS 0.2%CVE-2024-54010LOWUnauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switchesEPSS 0.2%CVE-2025-37122MEDIUMUnauthenticated Reflected Cross-Site ScriptingEPSS 0.2%CVE-2025-37148MEDIUMKernel Panic triggered by Modified Ethernet Frames leads to Denial of Service VulnerabilityEPSS 0.2%CVE-2025-37159MEDIUMAuthenticated Session Hijacking Allows Unauthorized Access in Network Switching SoftwareEPSS 0.2%CVE-2025-37185MEDIUMAuthenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration InterfaceEPSS 0.2%CVE-2025-27084MEDIUMReflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal (CP) of an AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-based Management InterfaceEPSS 0.2%CVE-2022-43534HIGHA vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A sucEPSS 0.2%

← anteriorpágina 20 / 23siguiente →