Hp Vulnerabilities


The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.


The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.


HP OpenView Network Node Manager74
HP System Management Homepage46
HP Intelligent Management Center33

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.


Official Fix790
Temporary Fix2
Not Defined584

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.


Not Defined940

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.


Not Defined0

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base


The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp


The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.



The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.



The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.



A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.



Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.



There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day


The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today


The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (436): 3PAR Service Processor SP (1), 3com Officeconnect Gigabit Vpn Firewall Software (1), 8 (1), 20q switche (1), 68DTT (1), 2620 Switch (1), 9000 (1), 9200C Digital Sender (1), Access Control (2), Access Control Software (1), Address And Routing Parameter Area(arpa) Transport (1), AdvanceStack 10Base-T Switching Hub J3210a (1), Alm Synchronizer (1), Apollo Domain OS (1), Application Information Optimizer (3), Application LifeCycle Management (1), Application Lifecycle Management (2), Application Lifestyle Management (1), Application Server (1), ArcSight Connector (3), ArcSight ESM (3), ArcSight ESM Express (3), ArcSight Enterprise Security Manager (2), ArcSight Logger (2), ArcSight SmartConnectors (2), Arcsight C1300 Appliance (2), Arcsight Connector Appliance (1), Arcsight Logger (3), Arcsight Management Center (1), AssetCenter (1), Asset Manager (1), AssetManager (1), Autonomy Ultraseek (1), BIOS (32), Bastille (1), Business Availability Center (6), Business PCs (1), Business Service Automation Essentials (1), Business Service Management (2), CIFS-9000 Server (2), Capture Route Software (1), CentralView (3), ChaiVM (2), Client Automation Enterprise (1), Client Automation Enterprise Infrastructure (1), Color LaserJet (1), Color LaserJet CM4540 (2), Color LaserJet CP3525 Printer (1), Color LaserJet Pro (3), Color LaserJet Pro M280-M281 Multifunction Printer (5), Color Laserjet 2500tn (1), Command Center (1), Command Line Utilities (1), Commercial PC (1), Continuous Delivery Automation (1), DECnet-Plus (3), Data Protector (6), Data Protector Express (7), Data Protector Manager (1), Data Protector Media Operations (1), Data Protector for Personal Computers (7), Database (2), Database Archiving Software (3), Decnet Plus For Openvms (1), Dependency Mapping Inventory (4), DesignJet (3), DeskJet (1), DeskJet 3630 (2), Deskjet 2540 (1), Deskjet 6840 (1), Device (2), Device Manager (5), Diagnostics (2), Diagnostics Server (1), Digital Sending (1), Directories Support for ProLiant Management Processors (1), Discovery (4), Display (1), DreamScreen (1), ENVY (1), ENVY 100 D410 (3), Easy Printer Care Software (3), Easy Tools (2), Elite (1), ElitePad (1), Elitebook (1), Embedded Web Server (2), Enterprise Cluster Master Toolkit (1), Enterprise Discovery (1), Enterprise LaserJet (1), Enterprise LaserJet Printer (1), Enterprise LaserJetPrinter (1), Enterprise Maps (2), Enterprise PageWide (1), Enterprise PageWide Managed (1), Event Monitoring Service (1), Executive Scorecard (3), Fortify Software Security Center (2), H3C Comware (1), H3c Ethernet Switch (1), HP-ChaiSOE (1), HP-UX (225), HP-UX Containers (1), HP-UX Support Tools Manager (2), HP-UX Whitelisting (1), HPE Helion Eucalyptus (1), HPLIP (1), HP OfficeJet 6700 Driver (1), HPSFViewer (1), HPSI eDirectory Connector (1), HP Thunderbolt Dock G2 (1), HSPA+ Gobi 4G Module (2), HTTP Server (1), Helion Cloud Development Platform (1), Helion Eucalyptus (1), Help (1), Hpqflash For Hp Notebook System Bios (1), Hpsi Active Directory Bidirectional Ldap Connector (1), Hpux (1), Ibrix X9300 (1), IceWall File Manager (2), IceWall Identity Manager (1), IceWall SSO (1), IceWall SSO Agent Option (2), Ignite-UX (2), Image Assistant (1), Inkjet (1), Inkjet Printer (2), Inode Management Center Pc (1), Insight Control (3), Insight Control Performance Management (6), Insight Control Power Management (2), Insight Control Server Migration (4), Insight Control Suite For Linux (2), Insight Control Virtual Machine Management (3), Insight Control for Linux (2), Insight Diagnostics (6), Insight Managed System Setup Wizard (1), Insight Management Agents (5), Insight Manager (7), Insight Orchestration (3), Insight Recovery (2), Insight Software Installer (4), Insight Virtual Machine Management (1), Instant Support (10), Instant Toptools (1), Integrated Lights-Out (8), Integrated Lights-out (1), Integrated Lights-out 3 (1), Integrated Lights-out Bmc (1), Integrity (1), Intelligent Management Center (33), Intelligent Management Center User Access Manager (1), Intelligent Management Centertacacs+ Authentication Manager (1), Intelligent Provisioning (2), JetAdmin (5), JetAdvantage Security Manager (2), JetDirect (1), Jetdirect (7), Jetdirect 310X (1), Jumpstart (1), KeyView (9), LDAP-UX (1), LIFE Mobile App (1), LaserJet (15), LaserJet 2430 (1), LaserJet 5100 (1), LaserJet Enterprise (1), LaserJet MFP (1), LaserJet Managed (2), LaserJet Managed Printer (4), LaserJet Pro (19), LaserJet Pro 400 (1), LaserJet Pro MFP M28-M31 Printer (5), LaserJet Pro P1606dn (1), LaserJet Solution Software (1), Laserjet 4240 (3), Laserjet 4300 (1), Laserjet M9040 (1), Latex (1), LeftHand (1), LeftHand Virtual SAN Appliance hydra (1), Linux Imaging (3), Linux Imaging And Printing Project (8), LoadRunner (20), Logger (3), MFP (4), MPE (1), MPE-iX (6), MPIO Device Specific Module Manager (1), MagCloud (1), Managed Printing Administration (5), Matrix Operating Environment (5), Mercury Performance Center Agent (1), Mercury Quality Center (3), Mercury SiteScope (2), Mercury Testdirector For Quality Center (1), Middleware Automation (2), Multifunction Peripheral Digital Sending Software (3), Multifunction Printer (1), NFS (1), Network Automation (6), Network Node Manager (2), Network Node Manager I (1), Network Node Manager i (17), Network Printer (1), Network Switch (2), Network Virtualization (3), NonStop NetBatch (1), NonStop Safeguard Security (2), NonStop Server (1), Nonstop Seeview Server Gateway (1), Nonstop Server (2), Nonstop Server Software (2), Nonstop Sql (2), Notebook (1), OLE Point of Sale Driver (10), OMEN Gaming Hub (1), OMEN Gaming Hub SDK Package (1), ONCplus (4), OfficeJet (5), OfficeJet 7110 Wide Format ePrinter (1), OfficeJet Enterprise (4), OfficeJet Pro (3), OfficeJet Pro 8210 (1), OfficeJet Pro 8620 (1), OfficeJet Pro 8710 (1), Officejet Pro (3), OmniBack II (1), Onboard Administrator (4), OneView (1), OpenMail (1), OpenVMS (21), OpenView (2), OpenView Application Manager (2), OpenView Client Configuration Manager (1), OpenView Configuration Management (1), OpenView Data Protector Application Recovery Manager (1), OpenView Event Correlation Services (1), OpenView Network Node Manage (1), OpenView Network Node Manager (74), OpenView OS Manager (1), OpenView Operations (1), OpenView Performance Insight (5), OpenView Report (1), OpenView Storage Data Protector (21), OpenView Storage Data Protector Backup Agent (1), Openview (1), Openview Network Node Manager (8), Openview Omniback (1), Openview Select Access (1), Openvms Rms (1), Operations (2), Operations Agent (9), Operations Dashboard (2), Operations Manager (6), Operations Manager I Management Pack (1), Operations Manager i (2), Operations Orchestration (6), Operations Orchestration Central (1), Oracle for OpenView (2), PC (10), PC Hardware Diagnostics Windows (3), PKI ActiveX control (1), PML Driver HPZ12 (1), PSC 1210 All-in-One (1), PageWide (11), PageWide Enterprise (1), PageWide MFP (1), PageWide Managed Printer (2), PageWide Pro (6), PageWide Pro Printer (1), Palm Pre WebOS (3), Palm webOS (8), Performance Insight (8), Performance Manager (1), Persistent Accelerite Radia Client Automation (3), Photo And Imaging Gallery (1), Photo Digital Imaging Activex Control (2), Photosmart Ink Advantage E-all-in-one (1), Photosmart Print Driver (1), Portfolio Management Center (1), Power Manager (6), Power Manager Remote Agent (1), Praesidium Webproxy (1), Print (1), Print and Scan Doctor (2), Printer (7), Printer Software Package (1), Printing (1), Printing Project (2), ProBook (1), ProCurve (1), ProCurve 1700 (1), ProCurve 9300m (1), ProCurve Identity Driven Manager (1), ProCurve Manager (6), ProCurve Switch 4000M (1), ProCurve Threat Management Services zl Module (4), ProLiant (1), ProLiant Array Configuration Utility (1), ProLiant DL585 (1), ProLiant G6 Lights-Out 100 Remote Management (1), Process Resource Manager (2), Procurve Access Point Software (1), Procurve Switch (2), Procurve Switch 1800-8g (1), Procurve Switch 4000M (2), Procurve Switch 6200yl (1), Procurve Switch Software (3), Product (5), Project (1), Proliant Integrated Lights Out (1), Proliant Ml115 (1), Proliant Sl Advanced Power Manager (1), Proliant Support Pack (3), Protecttools Device Access Manager (1), Quick Launch Button (3), Radia Client (1), Radia Client Automation (1), Rapid Deployment Pack (2), Records Manager (1), Recovery Image and Software Download Tool (1), Release Control (3), Remote Graphics Software (3), Router (1), SAN (9), SDN VAN Controller (1), SNMP Agents (1), SNMP Agents for Linux (1), SOA Registry Foundation (3), Secure OS (4), Secure Web Console (1), Secure Web Server For Tru64 (1), Security Management System (1), Security Manager (4), Select Access (1), Select Identity (4), Service Center (1), ServiceCenter (1), Service Center Server (1), Service Center Web Tier (1), ServiceGuard (1), Service Manager (26), Service Manager Software (1), Service Manager Software Web Tier (1), Service Manager Web Tier (4), Service Virtualization (1), Serviceguard (1), Serviceguard for Linux (1), SiteScope (17), Smart App (1), Smart Profile Server Data Analytics Layer (1), Smart Update Manager (2), Smart Zero Core (1), Sockd (1), Softpaq (1), Software Update (4), Sprinter (4), Storage Data Protector (23), Storage Essentials (2), Storage Essentials Srm Standard (1), StorageWorks Command View (1), StorageWorks Library (1), StorageWorks Modular Smart Array P2000 G3 firmware (1), StorageWorks P2000 G3 MSA (1), StorageWorks Storage Mirroring (6), Storageworks Command View (1), Storageworks Msl4048 Tape Library (1), Storageworks P2000 G3 Msa Fc (1), Storageworks Secure Path Windows (1), StoreOnce Backup (3), StoreOnce D2D (2), Storeonce 2620 Iscsi Backup System (1), Storevirtual 4330fc (2), Support Assistant (18), Support Center (1), Support Solution Framework (1), Support Tools Manager (1), Switch (1), System Administration Manager (1), System Event Utility (1), System Health Application (1), System Management Homepage (46), System_management_homepage (1), Systems Insight Manager (24), TCP-IP Services (2), Tape Tools (1), ThinPro (8), ThinPro Linux (1), ThinUpdate Utility (1), Touchpoint Analytics (1), Tru64 (15), Tru64 UNIX (4), Tru64 Unix (1), Trucluster Server (1), UCMDB (1), UCMDB Configuration Manager (2), UCMDB Foundation (2), Unified Functional Testing (1), Universal Configuration Management Database (6), User Access Manager (1), VAN SDN Controller (1), VVOS (4), Version Control Agent (1), Version Control Repository Manager (7), Vertica (1), Virtual Connect Enterprise Manager (4), Virtual Rooms (3), Virtual Server Environment (2), VirtualVault (4), Visualize Conference Ftp (1), WMI Mapper (1), WebInspect (1), Web JetAdmin (6), Web Jetadmin (4), Webes Service Tools (1), Workstation BIOS (3), XP P9000 Command View Advanced Edition (1), Xp7 Global Link Manager Software (1), Xp 9000 Command View (1), ZBook (1), Zero Client (1), eSupportDiagnostics (1), hp-ux (2), hplip (1), hpqvwocx.dll (1), iQ (9), inkjet (2), integrated Lights Out (1), iscsi Dual Combo Controller Lff Array System (1), lt4112 LTE (2), mx (2), rx3600 (1), t430 (1), t638 (1)

Link to Vendor Website: https://www.hp.com/

10/31/20235.55.5HP PC Hardware Diagnostics Windows Privilege EscalationUnknownNot DefinedNot Defined0.210.00043CVE-2023-5739
10/25/20236.66.6HP Print and Scan Doctor Privilege EscalationUnknownNot DefinedNot Defined0.040.00043CVE-2023-5671
10/18/20237.97.9HP PC BIOS Privilege EscalationUnknownNot DefinedNot Defined0.000.00043CVE-2023-26300
10/13/20233.43.4HP Display Theft Deterrence denial of serviceUnknownNot DefinedNot Defined0.030.00043CVE-2023-5449
10/13/20236.76.6HP t430/t638 Firmware Local Privilege EscalationUnknownNot DefinedWorkaround0.020.00053CVE-2023-5409
10/13/20235.55.4HP ThinUpdate Utility information disclosureUnknownNot DefinedOfficial Fix0.030.00087CVE-2023-4499
10/09/20236.66.6HP LIFE Mobile App information disclosureAndroid App SoftwareNot DefinedNot Defined0.040.00091CVE-2023-5365
10/04/20234.84.8HP Enterprise LaserJet Printer jQuery-UI cross site scriptingPrinting SoftwareNot DefinedNot Defined0.030.00045CVE-2023-5113
08/17/20235.35.3HP/Samsung Printer Software Package uncontrolled search pathPrinting SoftwareNot DefinedNot Defined0.030.00043CVE-2022-4894
07/21/20237.07.0HP LaserJet Pro information disclosureUnknownNot DefinedNot Defined0.030.00091CVE-2023-26301
07/01/20237.17.1HP LaserJet Pro Scan Job buffer overflowUnknownNot DefinedNot Defined0.000.00384CVE-2023-35178
07/01/20237.17.1HP LaserJet Pro Font Format Parser stack-based overflowUnknownNot DefinedNot Defined0.000.00384CVE-2023-35177
06/30/20237.17.1HP LaserJet Pro Web Service buffer overflowUnknownNot DefinedNot Defined0.030.00582CVE-2023-35176
06/30/20236.26.2HP PC AMI UEFI Firmware toctouUnknownNot DefinedNot Defined0.000.00042CVE-2023-26299
06/30/20238.08.0HP LaserJet Pro Web Service Eventing Model server-side request forgeryUnknownNot DefinedNot Defined0.020.00394CVE-2023-35175
06/15/20236.36.3HP Multifunction Printer Workpath Solutions buffer overflowPrinting SoftwareNot DefinedNot Defined0.080.00217CVE-2023-1329
06/15/20236.66.6HP BIOS Privilege EscalationUnknownNot DefinedNot Defined0.040.00042CVE-2022-31646
06/15/20236.66.6HP BIOS Privilege EscalationUnknownNot DefinedNot Defined0.000.00042CVE-2022-31645
06/15/20236.66.6HP BIOS Privilege EscalationUnknownNot DefinedNot Defined0.000.00042CVE-2022-31644
06/14/20236.26.2HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-31642
06/14/20236.26.2HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-31641
06/14/20236.26.2HP BIOS toctouUnknownNot DefinedNot Defined0.030.00042CVE-2022-31640
06/13/20236.66.6HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-31638
06/13/20235.65.6HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-31636
06/13/20235.65.6HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-31639
06/13/20233.53.5HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-31637
06/13/20235.65.6HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-31635
06/13/20235.55.5HP Enterprise LaserJetPrinter FutureSmart information disclosurePrinting SoftwareNot DefinedNot Defined0.040.00087CVE-2023-1707
06/13/20237.67.6HP PC Hardware Diagnostics Windows buffer overflowUnknownNot DefinedNot Defined0.030.00091CVE-2023-32674
06/13/20237.67.6HP HP Thunderbolt Dock G2 Privilege EscalationUnknownNot DefinedNot Defined0.030.00091CVE-2023-32673
06/13/20237.17.0HP Device Manager command injectionUnknownNot DefinedOfficial Fix0.030.00059CVE-2023-26298
06/13/20237.17.0HP Device Manager command injectionUnknownNot DefinedOfficial Fix0.000.00059CVE-2023-26297
06/13/20237.17.0HP Device Manager command injectionUnknownNot DefinedOfficial Fix0.030.00059CVE-2023-26296
06/13/20237.67.5HP Device Manager command injectionUnknownNot DefinedOfficial Fix0.020.00135CVE-2023-26295
06/13/20236.66.5HP Device Manager command injectionUnknownNot DefinedOfficial Fix0.000.00043CVE-2023-26294
06/12/20236.66.6HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-43778
06/12/20235.55.5HP BIOS toctouUnknownNot DefinedNot Defined0.000.00042CVE-2022-43777
06/12/20235.55.5HP BIOS toctouUnknownNot DefinedNot Defined0.030.00042CVE-2022-27541
06/12/20236.66.6HP BIOS toctouUnknownNot DefinedNot Defined0.020.00042CVE-2022-27539
06/09/20236.66.6HP Softpaq Installer Privilege EscalationUnknownNot DefinedNot Defined0.040.00042CVE-2019-16283
04/28/20233.33.3HP DesignJet/PageWide information disclosureUnknownNot DefinedNot Defined0.000.00052CVE-2023-1526
04/28/20236.36.3HP LaserJet Pro or heap-based overflowUnknownNot DefinedNot Defined0.000.00472CVE-2023-27973
04/28/20237.67.6HP LaserJet Pro buffer overflowUnknownNot DefinedNot Defined0.090.00147CVE-2023-27971
04/28/20238.08.0HP LaserJet Pro or buffer overflowUnknownNot DefinedNot Defined0.050.00472CVE-2023-27972
04/28/20235.04.9HP PC BIOS unknown vulnerabilityUnknownNot DefinedOfficial Fix0.020.00043CVE-2022-31643
02/12/20236.56.5HP Device Factory Preinstalled Image Local Privilege EscalationUnknownNot DefinedNot Defined0.030.00157CVE-2022-38396
02/12/20235.75.7HP PC AMI UEFI Firmware toctouUnknownNot DefinedNot Defined0.030.00042CVE-2022-43779
02/07/20233.53.4HP Deskjet 2540 Configuration Page cross site scriptingUnknownNot DefinedNot Defined0.040.00050CVE-2022-48311
02/01/20237.97.7HP BIOS Privilege EscalationUnknownNot DefinedOfficial Fix0.000.00043CVE-2021-3439
02/01/20236.66.6HP HPSFViewer Privilege EscalationUnknownNot DefinedNot Defined0.030.00043CVE-2022-3990

1366 more entries are not shown

Want to stay up to date on a daily basis?

Enable the mail alert feature now!