Vendor Hp

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector »

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication »

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (391): 3PAR Service Processor SP (1), 3com Officeconnect Gigabit Vpn Firewall Software (1), 8 (1), 20q switche (1), 68DTT (1), 2620 Switch (1), 9000 (1), 9200C Digital Sender (1), Access Control (2), Access Control Software (1), Address And Routing Parameter Area(arpa) Transport (1), AdvanceStack 10Base-T Switching Hub J3210a (1), Alm Synchronizer (1), Apollo Domain OS (1), Application Information Optimizer (3), Application LifeCycle Management (1), Application Lifecycle Management (2), Application Lifestyle Management (1), Application Server (1), ArcSight Connector (3), ArcSight ESM (3), ArcSight ESM Express (3), ArcSight Enterprise Security Manager (2), ArcSight Logger (2), ArcSight SmartConnectors (2), Arcsight C1300 Appliance (2), Arcsight Connector Appliance (1), Arcsight Logger (3), Arcsight Management Center (1), AssetCenter (1), Asset Manager (1), AssetManager (1), Autonomy Ultraseek (1), Bastille (1), Business Availability Center (6), Business PCs (1), Business Service Automation Essentials (1), Business Service Management (2), CIFS-9000 Server (2), Capture Route Software (1), CentralView (3), ChaiVM (2), Client Automation Enterprise (1), Client Automation Enterprise Infrastructure (1), Color LaserJet (1), Color LaserJet CM4540 (2), Color LaserJet CP3525 Printer (1), Color LaserJet Pro M280-M281 Multifunction Printer (5), Color Laserjet 2500tn (1), Command Line Utilities (1), Commercial PC (1), Continuous Delivery Automation (1), DECnet-Plus (3), Data Protector (6), Data Protector Express (7), Data Protector Manager (1), Data Protector Media Operations (1), Data Protector for Personal Computers (7), Database (2), Database Archiving Software (3), Decnet Plus For Openvms (1), Dependency Mapping Inventory (4), DesignJet (1), DeskJet 3630 (2), Deskjet 6840 (1), Device (1), Diagnostics (2), Diagnostics Server (1), Directories Support for ProLiant Management Processors (1), Discovery (4), DreamScreen (1), ENVY 100 D410 (3), Easy Printer Care Software (3), Easy Tools (2), Elite (1), ElitePad (1), Elitebook (1), Embedded Web Server (2), Enterprise Cluster Master Toolkit (1), Enterprise Discovery (1), Enterprise Maps (2), Event Monitoring Service (1), Executive Scorecard (3), Fortify Software Security Center (2), H3C Comware (1), H3c Ethernet Switch (1), HP-ChaiSOE (1), HP-UX (225), HP-UX Containers (1), HP-UX Support Tools Manager (2), HP-UX Whitelisting (1), HPE Helion Eucalyptus (1), HPLIP (1), HP OfficeJet 6700 Driver (1), HPSI eDirectory Connector (1), HSPA+ Gobi 4G Module (2), HTTP Server (1), Helion Cloud Development Platform (1), Helion Eucalyptus (1), Help (1), Hpqflash For Hp Notebook System Bios (1), Hpsi Active Directory Bidirectional Ldap Connector (1), Hpux (1), Ibrix X9300 (1), IceWall File Manager (2), IceWall Identity Manager (1), IceWall SSO (1), IceWall SSO Agent Option (2), Ignite-UX (2), Inkjet Printer (2), Inode Management Center Pc (1), Insight Control (3), Insight Control Performance Management (6), Insight Control Power Management (2), Insight Control Server Migration (4), Insight Control Suite For Linux (2), Insight Control Virtual Machine Management (3), Insight Control for Linux (2), Insight Diagnostics (6), Insight Managed System Setup Wizard (1), Insight Management Agents (5), Insight Manager (7), Insight Orchestration (3), Insight Recovery (2), Insight Software Installer (4), Insight Virtual Machine Management (1), Instant Support (10), Instant Toptools (1), Integrated Lights-Out (8), Integrated Lights-out (1), Integrated Lights-out 3 (1), Integrated Lights-out Bmc (1), Integrity (1), Intelligent Management Center (33), Intelligent Management Center User Access Manager (1), Intelligent Management Centertacacs+ Authentication Manager (1), Intelligent Provisioning (2), JetAdmin (5), JetAdvantage Security Manager (2), JetDirect (1), Jetdirect (7), Jetdirect 310X (1), KeyView (9), LDAP-UX (1), LaserJet (11), LaserJet 2430 (1), LaserJet 5100 (1), LaserJet Enterprise (1), LaserJet MFP (1), LaserJet Managed (1), LaserJet Managed Printer (1), LaserJet Pro (3), LaserJet Pro 400 (1), LaserJet Pro MFP M28-M31 Printer (5), LaserJet Pro P1606dn (1), Laserjet 4240 (3), Laserjet 4300 (1), Laserjet M9040 (1), Latex (1), LeftHand (1), LeftHand Virtual SAN Appliance hydra (1), Linux Imaging (3), Linux Imaging And Printing Project (8), LoadRunner (20), Logger (3), MFP (1), MPE (1), MPE-iX (6), MPIO Device Specific Module Manager (1), MagCloud (1), Managed Printing Administration (5), Matrix Operating Environment (5), Mercury Performance Center Agent (1), Mercury Quality Center (3), Mercury SiteScope (2), Mercury Testdirector For Quality Center (1), Middleware Automation (2), Multifunction Peripheral Digital Sending Software (3), NFS (1), Network Automation (6), Network Node Manager (2), Network Node Manager I (1), Network Node Manager i (17), Network Printer (1), Network Switch (2), Network Virtualization (3), NonStop NetBatch (1), NonStop Safeguard Security (2), NonStop Server (1), Nonstop Seeview Server Gateway (1), Nonstop Server (2), Nonstop Server Software (2), Nonstop Sql (2), Notebook (1), OLE Point of Sale Driver (10), ONCplus (4), OfficeJet (2), OfficeJet Enterprise (4), OfficeJet Pro 8210 (1), OfficeJet Pro 8620 (1), OfficeJet Pro 8710 (1), Officejet Pro (2), OmniBack II (1), Onboard Administrator (4), OneView (1), OpenMail (1), OpenVMS (21), OpenView (2), OpenView Application Manager (2), OpenView Client Configuration Manager (1), OpenView Configuration Management (1), OpenView Data Protector Application Recovery Manager (1), OpenView Event Correlation Services (1), OpenView Network Node Manage (1), OpenView Network Node Manager (74), OpenView OS Manager (1), OpenView Operations (1), OpenView Performance Insight (5), OpenView Report (1), OpenView Storage Data Protector (21), OpenView Storage Data Protector Backup Agent (1), Openview (1), Openview Network Node Manager (8), Openview Omniback (1), Openview Select Access (1), Openvms Rms (1), Operations (2), Operations Agent (9), Operations Dashboard (2), Operations Manager (6), Operations Manager I Management Pack (1), Operations Manager i (2), Operations Orchestration (6), Operations Orchestration Central (1), Oracle for OpenView (2), PKI ActiveX control (1), PML Driver HPZ12 (1), PSC 1210 All-in-One (1), PageWide (4), PageWide Enterprise (1), Palm Pre WebOS (3), Palm webOS (8), Performance Insight (8), Performance Manager (1), Persistent Accelerite Radia Client Automation (3), Photo And Imaging Gallery (1), Photo Digital Imaging Activex Control (2), Photosmart Ink Advantage E-all-in-one (1), Photosmart Print Driver (1), Portfolio Management Center (1), Power Manager (6), Power Manager Remote Agent (1), Praesidium Webproxy (1), Printer (5), Printing (1), Printing Project (2), ProBook (1), ProCurve (1), ProCurve 1700 (1), ProCurve 9300m (1), ProCurve Identity Driven Manager (1), ProCurve Manager (6), ProCurve Switch 4000M (1), ProCurve Threat Management Services zl Module (4), ProLiant (1), ProLiant Array Configuration Utility (1), ProLiant DL585 (1), ProLiant G6 Lights-Out 100 Remote Management (1), Process Resource Manager (2), Procurve Access Point Software (1), Procurve Switch (2), Procurve Switch 1800-8g (1), Procurve Switch 4000M (2), Procurve Switch 6200yl (1), Procurve Switch Software (3), Project (1), Proliant Integrated Lights Out (1), Proliant Ml115 (1), Proliant Sl Advanced Power Manager (1), Proliant Support Pack (3), Protecttools Device Access Manager (1), Quick Launch Button (3), Radia Client (1), Radia Client Automation (1), Rapid Deployment Pack (2), Records Manager (1), Release Control (3), Remote Graphics Software (3), Router (1), SAN (9), SDN VAN Controller (1), SNMP Agents (1), SNMP Agents for Linux (1), SOA Registry Foundation (3), Secure OS (4), Secure Web Console (1), Secure Web Server For Tru64 (1), Security Management System (1), Select Access (1), Select Identity (4), Service Center (1), ServiceCenter (1), Service Center Server (1), Service Center Web Tier (1), ServiceGuard (1), Service Manager (26), Service Manager Software (1), Service Manager Software Web Tier (1), Service Manager Web Tier (4), Service Virtualization (1), Serviceguard (1), Serviceguard for Linux (1), SiteScope (17), Smart Profile Server Data Analytics Layer (1), Smart Update Manager (2), Smart Zero Core (1), Sockd (1), Software Update (4), Sprinter (4), Storage Data Protector (23), Storage Essentials (2), Storage Essentials Srm Standard (1), StorageWorks Command View (1), StorageWorks Library (1), StorageWorks Modular Smart Array P2000 G3 firmware (1), StorageWorks P2000 G3 MSA (1), StorageWorks Storage Mirroring (6), Storageworks Command View (1), Storageworks Msl4048 Tape Library (1), Storageworks P2000 G3 Msa Fc (1), Storageworks Secure Path Windows (1), StoreOnce Backup (3), StoreOnce D2D (2), Storeonce 2620 Iscsi Backup System (1), Storevirtual 4330fc (2), Support Assistant (7), Support Center (1), Support Solution Framework (1), Support Tools Manager (1), Switch (1), System Administration Manager (1), System Event Utility (1), System Health Application (1), System Management Homepage (46), System_management_homepage (1), Systems Insight Manager (24), TCP-IP Services (2), Tape Tools (1), ThinPro (7), ThinPro Linux (1), Touchpoint Analytics (1), Tru64 (15), Tru64 UNIX (4), Tru64 Unix (1), Trucluster Server (1), UCMDB (1), UCMDB Configuration Manager (2), UCMDB Foundation (2), Unified Functional Testing (1), Universal Configuration Management Database (6), User Access Manager (1), VAN SDN Controller (1), VVOS (4), Version Control Agent (1), Version Control Repository Manager (7), Vertica (1), Virtual Connect Enterprise Manager (4), Virtual Rooms (3), Virtual Server Environment (2), VirtualVault (4), Visualize Conference Ftp (1), WMI Mapper (1), WebInspect (1), Web JetAdmin (6), Web Jetadmin (4), Webes Service Tools (1), Workstation BIOS (2), XP P9000 Command View Advanced Edition (1), Xp7 Global Link Manager Software (1), Xp 9000 Command View (1), ZBook (1), eSupportDiagnostics (1), hp-ux (2), hplip (1), hpqvwocx.dll (1), iQ (9), integrated Lights Out (1), iscsi Dual Combo Controller Lff Array System (1), lt4112 LTE (2), mx (2), rx3600 (1)

Link to Vendor Website: https://www.hp.com/

PublishedBaseTempVulnerabilityProdExpRemCTICVE
02/03/20216.35.7HP Access Control access controlUnknownProof-of-ConceptOfficial Fix0.00CVE-2020-29165
09/08/20205.95.6HP OfficeJet Pro 8210 jbig2 Filter null pointer dereferenceUnknownNot DefinedOfficial Fix0.05CVE-2020-11158
04/02/20204.44.2HP Support Assistant denial of serviceUnknownNot DefinedOfficial Fix0.11CVE-2019-18920
04/02/20207.37.3HP Support Assistant Local Privilege EscalationUnknownNot DefinedOfficial Fix0.11CVE-2019-18919
03/16/20208.58.5HP Printer improper authenticationPrinting SoftwareNot DefinedNot Defined0.03CVE-2019-18917
02/13/20206.56.3HP System Event Utility input validationUnknownHighOfficial Fix0.07CVE-2019-18915
01/31/20206.66.3HP Business PCs Microsoft Windows 10 Kernel DMA Protection authorizationUnknownNot DefinedOfficial Fix0.05CVE-2019-18913
01/09/20203.63.6HP Inkjet Printer cross site scriptingPrinting SoftwareNot DefinedNot Defined0.05CVE-2019-6332
01/09/20208.58.2HP Access Control privileges managementUnknownNot DefinedOfficial Fix0.05CVE-2019-6330
01/09/20206.26.2HP DeskJet 3630 cross-site request forgeryUnknownNot DefinedNot Defined0.00CVE-2019-6320
01/09/20206.26.2HP DeskJet 3630 cross-site request forgeryUnknownNot DefinedNot Defined0.12CVE-2019-6319
11/22/20196.36.3HP ThinPro Citrix Receiver Wrapper input validationUnknownNot DefinedNot Defined0.09CVE-2019-18910
11/22/20197.97.9HP ThinPro input validationUnknownNot DefinedNot Defined0.04CVE-2019-18909
11/22/20195.75.7HP ThinPro Application Filter privileges managementUnknownNot DefinedNot Defined0.00CVE-2019-16287
11/22/20196.36.3HP ThinPro OS Application Filter authorizationUnknownNot DefinedNot Defined0.00CVE-2019-16286
11/22/20194.94.9HP ThinPro authorizationUnknownNot DefinedNot Defined0.00CVE-2019-16285
11/07/20194.64.6HP Inkjet Printer Print File assertionPrinting SoftwareNot DefinedNot Defined0.05CVE-2019-6337
11/05/20195.95.9HP Device Boot input validationUnknownNot DefinedNot Defined0.05CVE-2019-16284
10/16/20198.58.5HP LaserJet Application Signature input validationPrinting SoftwareNot DefinedNot Defined0.04CVE-2019-6334
10/11/20196.05.7HP Touchpoint Analytics System Service input validationUnknownNot DefinedOfficial Fix0.08CVE-2019-6333
06/25/20196.06.0HP Support Assistant access controlUnknownNot DefinedNot Defined0.05CVE-2019-6329
06/25/20196.56.5HP Support Assistant access controlUnknownNot DefinedNot Defined0.00CVE-2019-6328
06/17/20198.08.0HP Color LaserJet Pro M280-M281 Multifunction Printer IPP Parser memory corruptionPrinting SoftwareNot DefinedNot Defined0.00CVE-2019-6327
06/17/20195.95.9HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server memory corruptionPrinting SoftwareNot DefinedNot Defined0.05CVE-2019-6326
06/17/20196.56.5HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server cross-site request forgeryPrinting SoftwareNot DefinedNot Defined0.06CVE-2019-6325
06/17/20193.63.6HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Stored cross site scriptingPrinting SoftwareNot DefinedNot Defined0.04CVE-2019-6324
06/17/20195.25.2HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Reflected cross site scriptingPrinting SoftwareNot DefinedNot Defined0.10CVE-2019-6323
05/29/20195.55.4HP Workstation BIOS TPM 7pk securityUnknownNot DefinedWorkaround0.05CVE-2019-6322
05/29/20195.95.8HP Workstation BIOS TPM 7pk securityUnknownNot DefinedWorkaround0.00CVE-2019-6321
04/11/20198.58.5HP LaserJet/OfficeJet Signature Validation input validationUnknownNot DefinedNot Defined0.00CVE-2019-6318
03/27/20196.36.0HP Support Assistant improper authorizationUnknownNot DefinedOfficial Fix0.05CVE-2018-5927
03/27/20199.19.1HP Remote Graphics Software Certificate Authentication certificate validationUnknownNot DefinedNot Defined0.05CVE-2018-5926
03/27/20198.58.5HP LaserJet Enterprise Signature Validation signature verificationUnknownNot DefinedNot Defined0.01CVE-2018-5923
10/03/20186.56.5HP Printer/MFP cross-site request forgeryPrinting SoftwareNot DefinedNot Defined0.04CVE-2018-5921
10/03/20183.53.3HP Notebook BIOS Password credentials managementUnknownNot DefinedOfficial Fix0.11CVE-2017-2751
08/06/20184.44.4HP Business Service Management cross site scriptingUnknownNot DefinedNot Defined0.00CVE-2016-4392
08/01/20189.18.8HP Printer memory corruptionPrinting SoftwareNot DefinedOfficial Fix0.03CVE-2018-5925
08/01/20189.89.4HP Printer memory corruptionPrinting SoftwareNot DefinedOfficial Fix0.08CVE-2018-5924
05/22/20185.95.6HP Service Manager Software Web Tier sql injectionProject Management SoftwareNot DefinedOfficial Fix0.05CVE-2018-6494
01/23/20189.89.4HP LaserJet/OfficeJet/PageWide DLL Signature Validation input validationUnknownNot DefinedOfficial Fix0.05CVE-2017-2750
01/23/20185.55.3HP DesignJet/Latex SMTP Server Credentials credentials managementUnknownNot DefinedOfficial Fix0.04CVE-2017-2747
01/23/20185.24.9HP JetAdvantage Security Manager Stored cross site scriptingUnknownNot DefinedOfficial Fix0.01CVE-2017-2746
01/23/20185.24.9HP JetAdvantage Security Manager Stored cross site scriptingUnknownNot DefinedOfficial Fix0.04CVE-2017-2745
01/23/20185.45.2HP Support Assistant File Extraction information disclosureUnknownNot DefinedOfficial Fix0.02CVE-2017-2744
01/23/20185.24.9HP LaserJet/OfficeJet Enterprise/PageWide cross site scriptingUnknownNot DefinedOfficial Fix0.01CVE-2017-2743
01/23/20186.46.1HP Web JetAdmin resource managementUnknownNot DefinedOfficial Fix0.00CVE-2017-2742
01/23/20189.49.0HP PageWide/Officejet Pro access controlUnknownHighOfficial Fix0.04CVE-2017-2741
01/23/20186.56.5HP ThinPro Command Line Shell access controlUnknownNot DefinedNot Defined0.05CVE-2017-2740
10/31/20176.25.9HP ArcSight ESM/ArcSight ESM Express redirectUnknownNot DefinedOfficial Fix0.01CVE-2017-14358
10/31/20175.24.9HP ArcSight ESM/ArcSight ESM Express Reflected cross site scriptingUnknownNot DefinedOfficial Fix0.00CVE-2017-14357

Do you want to use VulDB in your project?

Use the official API to access entries easily!