Aggregates CVE and security vulnerability intelligence across all HPE-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting, vendor risk open redirect, and vendor risk input validation; exposure may include vendor impact session compromise in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-23818 | A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the l | [email protected] | 8.8 | 0.04% | 2026-04-07 | 2026-04-14 |
| CVE-2026-23817 | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. | [email protected] | 6.5 | 0.03% | 2026-03-11 | 2026-05-13 |
| CVE-2026-23598 | Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | [email protected] | 6.5 | 0.02% | 2026-02-17 | 2026-02-28 |
| CVE-2026-23597 | Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | [email protected] | 6.5 | 0.05% | 2026-02-17 | 2026-03-02 |
| CVE-2026-23596 | A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. | [email protected] | 6.5 | 0.06% | 2026-02-17 | 2026-02-28 |
| CVE-2026-23595 | An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. | [email protected] | 8.8 | 0.09% | 2026-02-17 | 2026-02-28 |
| CVE-2025-37164 KEV | A remote code execution issue exists in HPE OneView. | [email protected] | 10.0 | 79.59% | 2025-12-16 | 2026-01-10 |
| CVE-2025-37160 | A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data. | [email protected] | 5.3 | 0.04% | 2025-11-18 | 2025-12-04 |
| CVE-2025-37159 | A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data. | [email protected] | 5.8 | 0.03% | 2025-11-18 | 2025-12-04 |
| CVE-2025-37158 | A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | [email protected] | 6.7 | 0.05% | 2025-11-18 | 2025-12-04 |
| CVE-2025-37157 | A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | [email protected] | 6.7 | 0.05% | 2025-11-18 | 2025-12-04 |
| CVE-2025-37156 | A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional. | [email protected] | 6.8 | 0.06% | 2025-11-18 | 2025-12-04 |
| CVE-2025-37155 | A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system. | [email protected] | 7.8 | 0.01% | 2025-11-18 | 2025-12-04 |
| CVE-2025-37107 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | [email protected] | 7.3 | 0.25% | 2025-07-16 | 2025-07-25 |
| CVE-2025-37106 | An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | [email protected] | 7.3 | 0.25% | 2025-07-16 | 2025-07-25 |
| CVE-2025-37105 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | [email protected] | 7.5 | 0.95% | 2025-07-16 | 2025-07-25 |
| CVE-2024-51770 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 7.5 | 0.50% | 2025-07-14 | 2025-07-25 |
| CVE-2024-51769 | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 7.5 | 0.50% | 2025-07-14 | 2025-07-25 |
| CVE-2024-51768 | An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 8.0 | 0.59% | 2025-07-14 | 2025-07-25 |
| CVE-2024-51767 | An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | [email protected] | 7.3 | 0.07% | 2025-07-14 | 2025-07-25 |