CVE-2020-5414

>= 2.7.0 and < 2.7.15

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior

5.7MEDIUM

CVE-2019-11292

>= 2.4.0 and < 2.4.27

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs

6.5MEDIUM

CVE-2019-11270

>= 2.3.0 and < 2.3.22

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' author

7.5HIGH

CVE-2019-3790

>= 2.2.0 and < 2.2.23

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x

6.1MEDIUM

CVE-2019-3776

>= 2.1.0 and < 2.1.20

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x

7.2HIGH

CVE-2018-15762

>= 2.0.0 and < 2.0.24

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and ver

9.0CRITICAL

CVE-2018-11081

>= 1.11.0 and < 1.12.25

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fa

7.9HIGH

CVE-2018-11045

>= 1.12 and < 1.12.22

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux

5.9MEDIUM

CVE-2018-11046

>= 2.1.0 and < 2.1.6

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerab

6.5MEDIUM

CVE-2016-0930

<= 1.6.18

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default passw

9.8CRITICAL

CVE-2016-0897

<= 1.6.16

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly en

9.8CRITICAL

CVE-2016-0883

<= 1.5.13

Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different

9.8CRITICAL

CVE-2016-4380

<= 9.21

Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticat

5.4MEDIUM

CVE-2016-4373

<= 9.21.120

The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrar

9.8CRITICAL

CVE-2016-1985

all versions

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java

10.0CRITICAL

CVE-2014-2649

all versions

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vect

CVE-2014-2648

all versions

Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unk

CVE-2014-5073

<= 4.6

vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell

CVE-2014-3806

<= 4.5

Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to rea

CVE-2010-1033

all versions

Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might al

CVE-2009-4189

all versions

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbit

CVE-2009-3843

all versions

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote

CVE-2009-3099

all versions

Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unkn