This page aggregates CVEs and security vulnerability information across HPE-related products, listing CVSS, EPSS, publication date, and vulnerability data.
Published issues are often related to cross-site scripting, open redirect, and input validation, and in the context of software deployment and production workloads they may carry exposure risks such as session compromise and unexpected behavior.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-23818 | A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the l | [email protected] | 8.8 | 0.32% | 2026-04-07 | 2026-06-17 |
| CVE-2026-23817 | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. | [email protected] | 6.5 | 0.29% | 2026-03-11 | 2026-06-17 |
| CVE-2026-23598 | Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | [email protected] | 6.5 | 0.33% | 2026-02-17 | 2026-06-17 |
| CVE-2026-23597 | Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | [email protected] | 6.5 | 0.25% | 2026-02-17 | 2026-06-17 |
| CVE-2026-23596 | A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. | [email protected] | 6.5 | 0.24% | 2026-02-17 | 2026-06-17 |
| CVE-2026-23595 | An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. | [email protected] | 8.8 | 0.30% | 2026-02-17 | 2026-06-17 |
| CVE-2025-37164 KEV | A remote code execution issue exists in HPE OneView. | [email protected] | 10.0 | 89.73% | 2025-12-16 | 2026-06-17 |
| CVE-2025-37160 | A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data. | [email protected] | 5.3 | 0.24% | 2025-11-18 | 2026-06-17 |
| CVE-2025-37159 | A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data. | [email protected] | 5.8 | 0.22% | 2025-11-18 | 2026-06-17 |
| CVE-2025-37158 | A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | [email protected] | 6.7 | 0.57% | 2025-11-18 | 2026-06-17 |
| CVE-2025-37157 | A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | [email protected] | 6.7 | 0.57% | 2025-11-18 | 2026-06-17 |
| CVE-2025-37156 | A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional. | [email protected] | 6.8 | 0.25% | 2025-11-18 | 2026-06-17 |
| CVE-2025-37155 | A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system. | [email protected] | 7.8 | 0.10% | 2025-11-18 | 2026-06-17 |
| CVE-2025-37107 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | [email protected] | 7.3 | 0.41% | 2025-07-16 | 2026-06-17 |
| CVE-2025-37106 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | [email protected] | 7.3 | 0.41% | 2025-07-16 | 2026-06-17 |
| CVE-2025-37105 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | [email protected] | 7.5 | 0.58% | 2025-07-16 | 2026-06-17 |
| CVE-2024-51770 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 7.5 | 0.36% | 2025-07-14 | 2026-06-17 |
| CVE-2024-51769 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 7.5 | 0.36% | 2025-07-14 | 2026-06-17 |
| CVE-2024-51768 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 8.0 | 0.37% | 2025-07-14 | 2026-06-17 |
| CVE-2024-51767 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 7.3 | 1.14% | 2025-07-14 | 2026-06-17 |