Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Hewlett Packard Enterprise (HPE) — Vulnerabilities & Security Advisories 450

Browse all 450 CVE security advisories affecting Hewlett Packard Enterprise (HPE). AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hewlett Packard Enterprise (HPE) operates as a critical infrastructure provider, designing and selling servers, storage, networking hardware, and associated software solutions for enterprise data centers. With 418 recorded CVEs, the company’s attack surface primarily involves its managed services and hardware management interfaces. Historically, common vulnerability classes include remote code execution (RCE) and cross-site scripting (XSS), often stemming from web-based management consoles like HPE OneView or iLO. Privilege escalation flaws also appear frequently, allowing unauthorized users to gain administrative control over managed devices. Notable incidents have included credential exposure and insecure default configurations in firmware updates, which attackers exploited to pivot into internal networks. These weaknesses highlight the risks inherent in complex, interconnected enterprise ecosystems where management planes are often targeted. The high volume of vulnerabilities underscores the necessity for rigorous patch management and strict access controls across HPE’s extensive product portfolio to mitigate potential systemic breaches.

Top products by Hewlett Packard Enterprise (HPE): Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central ArubaOS (AOS) Aruba ClearPass Policy Manager HPE Aruba Networking Wireless Operating System (AOS) EdgeConnect SD-WAN Orchestrator Aruba EdgeConnect Enterprise Software AOS-8 Instant and AOS-10 AP Aruba Access Points running InstantOS and ArubaOS 10 Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; Aruba EdgeConnect Enterprise Orchestration Software HPE OneView HPE Aruba Networking ClearPass Policy Manager AOS-CX HPE Aruba Networking EdgeConnect SD-WAN Gateway HPE Athonet Core HPE StoreOnce Software HPE 3PAR Service Processor ArubaOS Wi-Fi Controllers and Campus/Remote Access Points Aruba OS HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 HPE Aruba Networking AOS HPE 3PAR StoreServ Management and Core Software Media HPE Aruba Networking EdgeConnect SD-WAN HPE Aruba Networking Fabric Composer (AFC) HPE Aruba Networking Private 5G Core HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 HPE Aruba Networking AOS-CX HPE Insight Remote Support HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) ClearPass Policy Manager (CPPM)
CVE IDTitleCVSSSeverityPublished
CVE-2023-30909 Hewlett Packard Enterprise OneView 安全漏洞 — HPE OneView 9.8 Critical2023-09-14
CVE-2023-30908 Hewlett Packard Enterprise OneView 安全漏洞 — HPE OneView 9.8 Critical2023-09-07
CVE-2023-38486 Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways — 9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways 7.7 High2023-09-06
CVE-2023-38485 Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways — 9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways 8.0 High2023-09-06
CVE-2023-38484 Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways — 9200 Series Mobility Controllers and SD-WAN Gateways, 9000 Series Mobility Controllers and SD-WAN Gateways 8.0 High2023-09-06
CVE-2023-37440 Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure — EdgeConnect SD-WAN Orchestrator 5.5 Medium2023-08-22
CVE-2023-37439 Reflected Cross Site Scripting in EdgeConnect SD-WAN Orchestrator Web Management Interface — EdgeConnect SD-WAN Orchestrator 6.1 Medium2023-08-22
CVE-2023-37438 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37437 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37436 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37435 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37434 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37433 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37432 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37431 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37430 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37429 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface — EdgeConnect SD-WAN Orchestrator 6.5 Medium2023-08-22
CVE-2023-37428 Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator 7.2 High2023-08-22
CVE-2023-37427 Authenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator 7.2 High2023-08-22
CVE-2023-37426 Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator — EdgeConnect SD-WAN Orchestrator 7.4 High2023-08-22
CVE-2023-37425 Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator 8.0 High2023-08-22
CVE-2023-37424 Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface — EdgeConnect SD-WAN Orchestrator 8.1 High2023-08-22
CVE-2023-37423 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface — EdgeConnect SD-WAN Orchestrator 8.1 High2023-08-22
CVE-2023-37422 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface — EdgeConnect SD-WAN Orchestrator 8.1 High2023-08-22
CVE-2023-37421 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface — EdgeConnect SD-WAN Orchestrator 8.1 High2023-08-22
CVE-2023-38402 Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client — HPE Aruba Networking Virtual Intranet Access (VIA) 7.1 High2023-08-15
CVE-2023-38401 Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client — HPE Aruba Networking Virtual Intranet Access (VIA) 7.8 High2023-08-15
CVE-2023-3718 Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface — Aruba CX Switches 8.8 High2023-08-01
CVE-2023-35982 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 9.8 Critical2023-07-25
CVE-2023-35981 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol — Aruba Access Points running InstantOS and ArubaOS 10 9.8 Critical2023-07-25

This page lists every published CVE security advisory associated with Hewlett Packard Enterprise (HPE). Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.