CVE-2023-28091

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

CVE-2023-30908

A remote authentication bypass issue exists in a OneView API.

CVE-2022-23699

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVE-2022-28616

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVE-2022-23700

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVE-2022-23706

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVE-2022-23697

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVE-2022-28617

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVE-2022-23698

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

CVE-2024-42508

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.

CVE-2020-7198

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

CVE-2022-28625

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability....

CVE-2023-28088

An HPE OneView appliance dump may expose SAN switch administrative credentials

CVE-2023-28089

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

CVE-2023-28084

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

CVE-2023-28090

An HPE OneView appliance dump may expose SNMPv3 read credentials

CVE-2023-30909

A remote authentication bypass issue exists in someOneView APIs.

CVE-2023-28086

An HPE OneView appliance dump may expose proxy credential settings

CVE-2014-2602

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.

CVE-2023-28087

An HPE OneView appliance dump may expose OneView user accounts

CVE-2023-50274

HPE OneView may allow command injection with local privilege escalation.

CVE-2023-6573

HPE OneView may have a missing passphrase during restore.

CVE-2023-50275

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.