
Hewlett Packard Enterprise (HPE) — Vulnerabilities & Security Advisories 418

Browse all 418 CVE security advisories affecting Hewlett Packard Enterprise (HPE). AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hewlett Packard Enterprise (HPE) operates as a critical infrastructure provider, designing and selling servers, storage, networking hardware, and associated software solutions for enterprise data centers. With 418 recorded CVEs, the company’s attack surface primarily involves its managed services and hardware management interfaces. Historically, common vulnerability classes include remote code execution (RCE) and cross-site scripting (XSS), often stemming from web-based management consoles like HPE OneView or iLO. Privilege escalation flaws also appear frequently, allowing unauthorized users to gain administrative control over managed devices. Notable incidents have included credential exposure and insecure default configurations in firmware updates, which attackers exploited to pivot into internal networks. These weaknesses highlight the risks inherent in complex, interconnected enterprise ecosystems where management planes are often targeted. The high volume of vulnerabilities underscores the necessity for rigorous patch management and strict access controls across HPE’s extensive product portfolio to mitigate potential systemic breaches.

Top products by Hewlett Packard Enterprise (HPE):

- Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
- Aruba ClearPass Policy Manager
- ArubaOS (AOS)
- EdgeConnect SD-WAN Orchestrator
- Aruba EdgeConnect Enterprise Software
- AOS-8 Instant and AOS-10 AP
- Aruba Access Points running InstantOS and ArubaOS 10
- Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
- Aruba EdgeConnect Enterprise Orchestration Software
- HPE OneView
- HPE Aruba Networking ClearPass Policy Manager
- AOS-CX
- HPE Aruba Networking EdgeConnect SD-WAN Gateway
- HPE Athonet Core
- HPE StoreOnce Software
- ArubaOS Wi-Fi Controllers and Campus/Remote Access Points
- HPE 3PAR Service Processor
- HPE Aruba Networking AOS
- HPE 3PAR StoreServ Management and Core Software Media
- HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10
- Aruba OS
- HPE Aruba Networking Fabric Composer (AFC)
- HPE Aruba Networking AOS-CX
- HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10
- HPE Aruba Networking Private 5G Core
- HPE Aruba Networking EdgeConnect SD-WAN
- HPE Insight Remote Support
- ClearPass Policy Manager (CPPM)
- HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10)
- HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23818 | Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem — Private 5G Core | 8.8 | High | 2026-04-07 |
| CVE-2026-23817 | Unauthenticated Open Redirect allows URL Manipulation in Web Interface — AOS-CX | 6.5 | Medium | 2026-03-11 |
| CVE-2026-23816 | Authenticated Command Injection found in admin AOS-CX CLI command — AOS-CX | 7.2 | High | 2026-03-11 |
| CVE-2026-23815 | Authenticated Command Injection found in AOS-CX Administrative CLI Command — AOS-CX | 7.2 | High | 2026-03-11 |
| CVE-2026-23814 | Authenticated Command Injection found in AOS-CX CLI Command — AOS-CX | 8.8 | High | 2026-03-11 |
| CVE-2026-23813 | Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset — AOS-CX | 9.8 | Critical | 2026-03-11 |
| CVE-2026-23812 | Security Boundary Bypass via Routing Node Impersonation — HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) | 4.3 | Medium | 2026-03-04 |
| CVE-2026-23811 | Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation — HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) | 4.3 | Medium | 2026-03-04 |
| CVE-2026-23810 | Cross-BSSID GTK Re-encryption and Traffic Injection — HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) | 4.3 | Medium | 2026-03-04 |
| CVE-2026-23809 | MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection — HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) | 5.4 | Medium | 2026-03-04 |
| CVE-2026-23808 | Client Isolation Bypass via GTK Manipulation — HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) | 5.4 | Medium | 2026-03-04 |
| CVE-2026-23601 | Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise — HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) | 5.4 | Medium | 2026-03-04 |
| CVE-2026-23600 | HPE AutoPass License Server Security Vulnerability — HPE AutoPass License Server (APLS) | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2026-23599 | Local Privilege Escalation Vulnerability in HPE Aruba Networking Clear Pass Policy Manager OnGuard for Linux — HPE Aruba Networking ClearPass Policy Manager | 7.8 | High | 2026-02-17 |
| CVE-2026-23598 | Unauthenticated Information Disclosure in application API allows sensitive system information exposure — HPE Aruba Networking Private 5G Core | 6.5 | Medium | 2026-02-17 |
| CVE-2026-23597 | Unauthenticated Information Disclosure in application API allows sensitive system information exposure — HPE Aruba Networking Private 5G Core | 6.5 | Medium | 2026-02-17 |
| CVE-2026-23596 | Unauthenticated Improper Access Control in management API allows unauthorized service disruption — HPE Aruba Networking Private 5G Core | 6.5 | Medium | 2026-02-17 |
| CVE-2026-23595 | Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation — HPE Aruba Networking Private 5G Core | 8.8 | High | 2026-02-17 |
| CVE-2026-23593 | Unauthenticated Limited File Read allows Data Exposure in Web Interface — HPE Aruba Networking Fabric Composer | 7.5 | High | 2026-01-27 |
| CVE-2026-23592 | Insecure File Handling allows Remote Code Execution in Backup Functionality — HPE Aruba Networking Fabric Composer | 7.2 | High | 2026-01-27 |
| CVE-2025-37181 | Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator | 7.2 | High | 2026-01-14 |
| CVE-2025-37185 | Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface — EdgeConnect SD-WAN Orchestrator | 5.5 | Medium | 2026-01-14 |
| CVE-2025-37184 | Unauthenticated Bypass Allows Multi-Factor Authentication Circumvention — EdgeConnect SD-WAN Orchestrator | 9.8 | Critical | 2026-01-14 |
| CVE-2025-37183 | Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator | 7.2 | High | 2026-01-14 |
| CVE-2025-37182 | Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator | 7.2 | High | 2026-01-14 |
| CVE-2025-37186 | Local Privilege Escalation Vulnerability in HPE Aruba Networking Virtual Intranet Access (VIA) Client for Linux — Virtual Intranet Access (VIA) | 7.8 | High | 2026-01-13 |
| CVE-2025-37179 | Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System — ArubaOS (AOS) | 5.3 | Medium | 2026-01-13 |
| CVE-2025-37178 | Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System — ArubaOS (AOS) | 5.3 | Medium | 2026-01-13 |
| CVE-2025-37177 | Authenticated Arbitrary File Deletion Vulnerability in AOS-10 or AOS-8 Command Line Interface (CLI) — ArubaOS (AOS) | 6.5 | Medium | 2026-01-13 |
| CVE-2025-37176 | Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow — ArubaOS (AOS) | 6.5 | Medium | 2026-01-13 |

This page lists every published CVE security advisory associated with Hewlett Packard Enterprise (HPE). Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.