HpeCVEs & Vulnerabilities

184 CVEs affecting Hpe products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

cloudline cl3100 gen10 server firmware 31cloudline cl4100 gen10 server firmware 31proliant dl380 gen10 server 21proliant bl460c gen10 server blade 21proliant dl360 gen10 server 21proliant dl180 gen10 server 21proliant dl160 gen10 server 21proliant dl560 gen10 server 21
CVE-2020-7136KEVCRITICALin the wild

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).

11 Apr 2026
9.8
CVSS
CVE-2022-37932KEVCRITICALin the wild

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;

11 Apr 2026
9.8
CVSS
CVE-2025-37160MEDIUM

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.

18 Nov 2025
6.5
CVSS
CVE-2025-37159HIGH

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.

18 Nov 2025
7.3
CVSS
CVE-2025-37158HIGH

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.

18 Nov 2025
8.8
CVSS
CVE-2025-37157HIGH

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.

18 Nov 2025
8.8
CVSS
CVE-2025-37156MEDIUM

A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.

18 Nov 2025
6.8
CVSS
CVE-2025-37155HIGH

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.

18 Nov 2025
7.8
CVSS
CVE-2025-37107CRITICAL

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

16 Jul 2025
9.8
CVSS
CVE-2025-37106CRITICAL

An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

16 Jul 2025
9.8
CVSS
CVE-2025-37105CRITICAL

An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

16 Jul 2025
9.8
CVSS
CVE-2024-51770HIGH

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

14 Jul 2025
7.5
CVSS
CVE-2024-51769HIGH

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

14 Jul 2025
7.5
CVSS
CVE-2024-51768HIGH

An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

14 Jul 2025
8.0
CVSS
CVE-2024-51767HIGH

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

14 Jul 2025
7.3
CVSS
CVE-2025-37099CRITICAL

A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

1 Jul 2025
9.8
CVSS
CVE-2025-37098HIGH

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

1 Jul 2025
7.5
CVSS
CVE-2025-37097HIGH

A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service

1 Jul 2025
7.5
CVSS
CVE-2025-37096CRITICAL

A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.8
CVSS
CVE-2025-37095CRITICAL

A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.8
CVSS
CVE-2025-37094CRITICAL

A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.1
CVSS
CVE-2025-37093CRITICAL

An authentication bypass vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.8
CVSS
CVE-2025-37092CRITICAL

A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.8
CVSS
CVE-2025-37091CRITICAL

A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.8
CVSS
CVE-2025-37090CRITICAL

A server-side request forgery vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.8
CVSS
CVE-2025-37089CRITICAL

A command injection remote code execution vulnerability exists in HPE StoreOnce Software.

2 Jun 2025
9.8
CVSS
CVE-2025-27086HIGH

A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.

21 Apr 2025
8.1
CVSS
CVE-2024-53676CRITICAL

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.

27 Nov 2024
9.8
CVSS
CVE-2024-53675HIGH

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.

27 Nov 2024
7.5
CVSS
CVE-2024-53674HIGH

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.

27 Nov 2024
7.5
CVSS
CVE-2024-53673CRITICAL

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.

27 Nov 2024
9.8
CVSS
CVE-2024-11622HIGH

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.

27 Nov 2024
7.5
CVSS
CVE-2024-42508MEDIUM

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.

18 Oct 2024
5.5
CVSS
CVE-2024-22441CRITICAL

HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.

13 Jun 2024
9.8
CVSS
CVE-2023-50272CRITICAL

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.

19 Dec 2023
9.8
CVSS
CVE-2023-30912CRITICAL

A remote code execution issue exists in HPE OneView.

25 Oct 2023
9.8
CVSS
CVE-2023-30911HIGH

HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.

18 Oct 2023
7.5
CVSS
CVE-2023-30910MEDIUM

HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. 

9 Oct 2023
5.4
CVSS
CVE-2023-39268CRITICAL

A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

29 Aug 2023
9.8
CVSS
CVE-2023-39267MEDIUM

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.

29 Aug 2023
6.5
CVSS
CVE-2023-39266MEDIUM

A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

29 Aug 2023
6.1
CVSS
CVE-2023-3718HIGH

An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.

1 Aug 2023
8.8
CVSS
CVE-2023-30906HIGH

The vulnerability could be locally exploited to allow escalation of privilege.

18 Jul 2023
7.8
CVSS
CVE-2023-30905HIGH

The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.

17 Jun 2023
7.8
CVSS
CVE-2023-30904MEDIUM

A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.

17 Jun 2023
5.5
CVSS
CVE-2023-28084MEDIUM

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

25 Apr 2023
5.5
CVSS
CVE-2023-28085MEDIUM

An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials

14 Apr 2023
5.5
CVSS
CVE-2023-28083MEDIUM

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

22 Mar 2023
5.4
CVSS
← PrevPage 1 / 4Next →