VIR Vulnerability Intelligence Relay

Search

Found 212 results in 35ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-8632 high 7.8 7.8 FIX debian debian sles hp 14d ago A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…
CVE-2017-14360 high 7.5 7.5 hp 9y ago A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).
CVE-2017-14353 high 8.8 8.8 hp 9y ago A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
CVE-2017-13989 high 8.1 8.1 hp 9y ago An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage i…
CVE-2017-13982 high 8.8 8.8 hp 9y ago A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
CVE-2015-0839 high 8.1 8.1 FIX debian debian hp 9y ago The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to ve…
CVE-2016-4383 high 8.4 8.4 slesdebian debian hp 9y ago The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified ima…
CVE-2017-3733 high 7.5 7.5 FIX debian debian opensslhp 9y ago During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (d…
CVE-2016-4396 high 7.5 7.5 hp 10y ago HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
CVE-2016-4395 high 7.5 7.5 hp 10y ago HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
CVE-2016-4390 high 8.1 8.1 hp 10y ago The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-…
CVE-2016-4389 high 8.1 8.1 hp 10y ago The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-…
CVE-2016-4388 high 8.1 8.1 hp 10y ago The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4389, and CVE-2016-…
CVE-2016-4387 high 8.1 8.1 hp 10y ago The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4388, CVE-2016-4389, and CVE-2016-…
CVE-2016-4386 high 7.8 7.8 hp 10y ago HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors.
CVE-2016-4385 high 7.3 7.3 hp 10y ago The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Jav…
CVE-2016-4384 high 8.6 8.6 hp 10y ago HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-4382 high 8.3 8.3 hp 10y ago HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issu…
CVE-2016-4378 high 7.5 7.5 hp 10y ago The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Editio…
CVE-2016-4377 high 8.1 8.1 hp 10y ago HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy …
CVE-2016-4374 high 7.7 7.7 hp 10y ago HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive informatio…
CVE-2016-5388 high 8.1 8.1 FIX sles rheldebian debian hpapache 10y ago Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted cli…
CVE-2016-5387 high 8.1 8.1 FIX debian debian slesfedora fedora apachehporacle 10y ago The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh…
CVE-2016-5385 high 8.1 8.1 slesfedora fedorasuse suse oraclehpphp 10y ago HTTP Proxy header vulnerability
CVE-2016-3092 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu apachehp 10y ago The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, all…
CVE-2016-4371 high 8.0 8.0 hp 10y ago HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery…
CVE-2016-4447 high 7.5 7.5 FIX slesdebian debianubuntu ubuntu hpapplexmlsoft 10y ago The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted …
CVE-2016-4369 high 8.8 8.8 hp 10y ago HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted s…
CVE-2016-4367 high 7.5 7.5 hp 10y ago The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4365 high 7.5 7.5 hp 10y ago HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4364 high 8.4 8.4 hp 10y ago HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.
CVE-2016-4362 high 8.1 8.1 hp 10y ago HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-4361 high 7.5 7.5 hp 10y ago HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch …
CVE-2016-4358 high 8.1 8.1 hp 10y ago HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.
CVE-2016-4357 high 8.1 8.1 hp 10y ago HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.
CVE-2016-2030 high 8.1 8.1 hp 10y ago HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, …
CVE-2016-2028 high 8.1 8.1 hp 10y ago HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.
CVE-2016-2027 high 7.5 7.5 hp 10y ago HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.
CVE-2016-2026 high 7.5 7.5 hp 10y ago HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.
CVE-2016-2022 high 8.1 8.1 hp 10y ago HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, …
CVE-2016-2021 high 8.1 8.1 hp 10y ago HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, …
CVE-2016-2020 high 8.1 8.1 hp 10y ago HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, …
CVE-2016-2019 high 8.1 8.1 hp 10y ago HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, …
CVE-2016-2017 high 8.1 8.1 hp 10y ago HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, …
CVE-2016-2025 high 7.5 7.5 hp 10y ago HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Cata…
CVE-2016-3705 high 7.5 7.5 FIX debian debianubuntu ubuntususe suse xmlsofthp 10y ago The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to caus…
CVE-2016-3627 high 7.5 7.5 FIX slesubuntu ubuntudebian debian hpxmlsoftredhat 10y ago The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consum…
CVE-2016-2015 high 7.1 7.1 hp 10y ago HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3710 high 8.8 8.8 FIX slesubuntu ubuntudebian debian hpqemuoracle 10y ago The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes …
CVE-2016-2014 high 8.1 8.1 hp 10y ago HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVE-2016-2009 high 8.8 8.8 hp 10y ago HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache …
CVE-2016-2001 high 7.4 7.4 hp 10y ago HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.
CVE-2016-1996 high 7.7 7.7 hp 10y ago HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-1993 high 8.1 8.1 hp 10y ago HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-7547 high 8.1 9.1 EXPFIX debian debianubuntu ubuntususe suse hpsophossuse 10y ago Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a den…
CVE-2016-0728 high 7.8 8.8 EXPFIX slesdebian debianubuntu ubuntu hp 11y ago The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or…
CVE-2015-6863 high 7.3 7.3 hp 11y ago HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
CVE-2015-6862 high 8.4 8.4 hp 11y ago HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.
CVE-2015-6858 low 3.7 3.7 hp 11y ago HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-5312 high 7.1 FIX debian debianubuntu ubuntu rhel xmlsofthp 11y ago Nokogiri subject to DoS via libxml2 vulnerability
CVE-2015-6857 high 7.2 hp 11y ago Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
CVE-2015-6030 high 7.2 hpmicrofocus 11y ago HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allo…
CVE-2015-5368 high 7.8 hp 11y ago The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify da…
CVE-2015-5432 high 7.5 hp 11y ago HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or m…
CVE-2015-5429 high 7.5 hp 11y ago HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-…
CVE-2015-5428 high 7.5 hp 11y ago HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-…
CVE-2015-5427 high 7.5 hp 11y ago HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-…
CVE-2015-5404 high 7.5 hp 11y ago HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via u…
CVE-2015-5402 high 7.2 hp 11y ago HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive inf…
CVE-2015-5409 high 7.5 hp 11y ago Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVE-2015-5424 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.
CVE-2015-5423 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.
CVE-2015-5422 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.
CVE-2015-5421 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.
CVE-2015-5420 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.
CVE-2015-5419 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.
CVE-2015-5418 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.
CVE-2015-5417 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.
CVE-2015-5416 high 7.5 hp 11y ago Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.
CVE-2015-3200 high 7.5 7.5 FIX debian debian lighttpdhp 11y ago mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a N…
CVE-2015-2124 high 7.2 hp 11y ago Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via un…
CVE-2015-2121 high 7.8 hp 11y ago HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEdi…
CVE-2015-2122 high 7.8 hp 11y ago The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port.
CVE-2015-2120 high 8.7 hp 11y ago Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-…
CVE-2015-2115 low 2.7 hp 11y ago Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information …
CVE-2015-2117 high 7.5 hp 11y ago HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI reque…
CVE-2015-3145 high 7.5 FIX debian debianubuntu ubuntususe suse haxxhp 11y ago The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and c…
CVE-2015-2111 low 2.1 windows windows hp 11y ago Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.
CVE-2015-2109 high 7.5 hp 11y ago Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors.
CVE-2015-2108 low 3.5 hp 11y ago Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2014-2649 high 7.5 hp 12y ago Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2014-2646 high 7.2 hp 12y ago Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.
CVE-2014-2638 high 7.5 hp 12y ago Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.
CVE-2014-2637 high 7.5 hp 12y ago Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.
CVE-2014-2636 high 7.5 hp 12y ago Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.
CVE-2014-2635 high 7.5 hp 12y ago Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.
CVE-2013-4840 high 7.8 h3chp 12y ago Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown …
CVE-2014-2625 high 8.5 hp 12y ago Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input,…
CVE-2014-2622 high 8.5 hp 12y ago Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtai…
CVE-2014-2621 high 7.8 hp 12y ago Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitiv…