{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2915", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "state": "PUBLISHED", "assignerShortName": "hp", "dateReserved": "2026-02-20T20:33:06.903Z", "datePublished": "2026-03-03T19:25:56.542Z", "dateUpdated": "2026-03-03T19:36:10.534Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "HP System Event Utility", "vendor": "HP Inc", "versions": [{"lessThan": "3.2.16", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp_inc:hp_system_event_utility:*:*:windows:*:*:*:*:*", "versionEndExcluding": "3.2.16", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16."}], "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "HP System Event Utility \u2013 Denial of Service", "lang": "en"}]}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2026-03-03T19:25:56.542Z"}, "references": [{"url": "https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097"}], "source": {"discovery": "UNKNOWN"}, "title": "HP System Event Utility \u2013 Denial of Service", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T19:35:22.308327Z", "id": "CVE-2026-2915", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T19:36:10.534Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2915", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T19:35:22.308327Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T19:35:40.934Z"}}], "cna": {"title": "HP System Event Utility \u2013 Denial of Service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HP Inc", "product": "HP System Event Utility", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.16", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16.", "supportingMedia": [{"type": "text/html", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "HP System Event Utility \u2013 Denial of Service"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp_inc:hp_system_event_utility:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.2.16", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2026-03-03T19:25:56.542Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2915", "state": "PUBLISHED", "dateUpdated": "2026-03-03T19:36:10.534Z", "dateReserved": "2026-02-20T20:33:06.903Z", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "datePublished": "2026-03-03T19:25:56.542Z", "assignerShortName": "hp"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:system_event_utility:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ECE5E27-5BBD-4DB5-8D70-4A16D467C6E9", "versionEndExcluding": "3.2.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was\n remediated with HP System Event Utility version 3.2.16."}], "id": "CVE-2026-2915", "lastModified": "2026-03-09T18:11:19.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "hp-security-alert@hp.com", "type": "Secondary"}]}, "published": "2026-03-03T20:16:49.980", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}, {"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.2.16)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "HP System Event Utility", "source": "cna", "vendor": "HP Inc"}, "product": "system_event_utility", "vendor": "hp"}], "analysis": {"en": {"generated_at": "2026-04-17T13:20:58.866049+00:00", "value": {"mitigation_remediation": ["Upgrade HP System Event Utility to version 3.2.16 or later.", "Restrict the execution rights of the utility so it runs with the minimum privileges required for its functions.", "Ensure that critical configuration and system files used by the utility have permissions that prevent writes by non\u2011privileged users."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the HP System Event Utility from HP Inc. All released versions prior to 3.2.16 are impacted; the fix is delivered in version 3.2.16 and later releases.", "description_and_impact": "HP System Event Utility contains a flaw that permits an attacker with sufficient privileges to perform arbitrary file writes. The ability to overwrite or create files can disrupt the utility\u2019s operation, causing it to stop functioning and effectively denying availability of the service. This issue is categorized as a permission and privilege escalation weakness, mapped to the CWE identifiers controlling write permissions and incorrect permission assignments.", "risk_and_exploitability": "The assessed CVSS score of 5.2 reflects moderate risk, and the EPSS indicates an exploitation probability of less than 1\u202f%. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that an attacker must be able to execute code with elevated privileges on the system to achieve arbitrary file writes, suggesting a local or privilege\u2011escalated attack vector rather than remote exploitation. Given the low likelihood of widespread exploitation, the overall risk is moderate but should be mitigated promptly."}}}}, "created": "2026-03-04T14:54:08.957965+00:00", "updated": "2026-04-17T13:30:19.598323+00:00", "vendors": ["hp", "hp$PRODUCT$system_event_utility"]}