CVE-2026-2915 - Vulnerability Details - OpenCVE

HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hp Inc	Hp System Event Utility

No data.

No data.

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097

History

Tue, 03 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-276 CWE-732
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 03 Mar 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description		HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.
Title		HP System Event Utility – Denial of Service
First Time appeared		Hp Inc Hp Inc hp System Event Utility
CPEs		cpe:2.3:a:hp_inc:hp_system_event_utility:::windows:::::*
Vendors & Products		Hp Inc Hp Inc hp System Event Utility
References		https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097
Metrics		cvssV4_0 `{'score': 5.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2026-03-03T19:25:56.542Z

Updated: 2026-03-03T19:36:10.534Z

Reserved: 2026-02-20T20:33:06.903Z

Link: CVE-2026-2915

Vulnrichment

Updated: 2026-03-03T19:35:40.934Z

NVD

Status : Received

Published: 2026-03-03T20:16:49.980

Modified: 2026-03-03T20:16:49.980

Link: CVE-2026-2915

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2915", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "state": "PUBLISHED", "assignerShortName": "hp", "dateReserved": "2026-02-20T20:33:06.903Z", "datePublished": "2026-03-03T19:25:56.542Z", "dateUpdated": "2026-03-03T19:36:10.534Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "HP System Event Utility", "vendor": "HP Inc", "versions": [{"lessThan": "3.2.16", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp_inc:hp_system_event_utility:*:*:windows:*:*:*:*:*", "versionEndExcluding": "3.2.16", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16."}], "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "HP System Event Utility \u2013 Denial of Service", "lang": "en"}]}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2026-03-03T19:25:56.542Z"}, "references": [{"url": "https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097"}], "source": {"discovery": "UNKNOWN"}, "title": "HP System Event Utility \u2013 Denial of Service", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T19:35:22.308327Z", "id": "CVE-2026-2915", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T19:36:10.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2915", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T19:35:22.308327Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T19:35:40.934Z"}}], "cna": {"title": "HP System Event Utility \u2013 Denial of Service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HP Inc", "product": "HP System Event Utility", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.16", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16.", "supportingMedia": [{"type": "text/html", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "HP System Event Utility \u2013 Denial of Service"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp_inc:hp_system_event_utility:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.2.16", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2026-03-03T19:25:56.542Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2915", "state": "PUBLISHED", "dateUpdated": "2026-03-03T19:36:10.534Z", "dateReserved": "2026-02-20T20:33:06.903Z", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "datePublished": "2026-03-03T19:25:56.542Z", "assignerShortName": "hp"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16."}], "id": "CVE-2026-2915", "lastModified": "2026-03-03T20:16:49.980", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "hp-security-alert@hp.com", "type": "Secondary"}]}, "published": "2026-03-03T20:16:49.980", "references": [{"source": "hp-security-alert@hp.com", "url": "https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}, {"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}