354 matches found
CVE-2023-28084
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens...
CVE-2023-28090
An HPE OneView appliance dump may expose SNMPv3 read credentials...
CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules...
CVE-2023-28088
An HPE OneView appliance dump may expose SAN switch administrative credentials...
CVE-2023-28085
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials...
CVE-2023-28087
An HPE OneView appliance dump may expose OneView user accounts...
CVE-2022-28616
A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView versions: Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-28625
A local disclosure of sensitive information vulnerability was discovered in HPE OneView versions: Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability...
CVE-2022-28617
A remote bypass security restrictions vulnerability was discovered in HPE OneView versions: Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2022-23706
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions: Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...
CVE-2021-26585
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32...
CVE-2021-29217
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard versions: Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard...
CVE-2021-26584
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC)...
CVE-2021-29216
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard versions: Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard...
CVE-2020-7130
HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later...
Hewlett Packard Enterprise OneView Security Vulnerability
Hewlett Packard Enterprise OneView is a software from Hewlett Packard Enterprise that facilitates automated device management for IT departments. A security vulnerability exists in Hewlett Packard Enterprise OneView versions prior to 9.20 that stems from an information disclosure issue that could...
A week in security (September 23 – September 29)
Last week on Malwarebytes Labs: Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number; Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution; Telegram will hand over user details to law enforcement; Don’t share the vir...
Hewlett Packard Enterprise OneView clusterService Authentication Bypass Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterService. The issue results from the lack of...
Hewlett Packard Enterprise OneView Apache Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST service, which listens on TCP port 443 by...
Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this...