Lucene search
K
HpOneview

22 matches found

CVE
CVE
added 2023/04/14 2:4 p.m.226 views

CVE-2023-28091

CVE-2023-28091 concerns HPE OneView, specifically the virtual appliance. The vulnerability is tied to the option “Migrate server hardware,” which may cause exposure of sensitive information in an HPE OneView support dump. Publicly documented details indicate a likely impact to confidentiality wit...

5.5CVSS5.3AI score0.00192EPSS
CVE
CVE
added 2023/09/07 9:28 p.m.139 views

CVE-2023-30908

Mode: C CVE-2023-30908 is a remote authentication bypass in Hewlett Packard Enterprise OneView API. Public records consistently describe an authentication bypass vulnerability with high impact (CVSS 3.1 base score 9.8; Confidentiality, Integrity, Availability all High). Connected advisories indic...

9.8CVSS9.6AI score0.01216EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.99 views

CVE-2022-23699

Summary: CVE-2022-23699 describes a local authentication restriction bypass in HPE OneView prior to version 6.6 . The issue stems from weaknesses in the authentication procedure, enabling bypass of authentication locally. The vendor has released a software update to resolve the vulnerability (upd...

7.8CVSS7.6AI score0.00276EPSS
CVE
CVE
added 2022/05/17 8:4 p.m.93 views

CVE-2022-28616

CVE-2022-28616 describes a server-side request forgery (SSRF) vulnerability in HPE OneView prior to 7.0. Affected product: HPE OneView. Root cause: unspecified in initial description, but remediation exists via a software update to resolve the vulnerability. Documents confirm a fix is provided by...

9.8CVSS9.3AI score0.01292EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.87 views

CVE-2022-23700

CVE-2022-23700 affects HPE OneView prior to version 6.6, with a local unauthorized file read access vulnerability in the IT infrastructure management system. Public descriptions consistently cite that the issue arises from improper access restrictions allowing local read access from unauthorized ...

5.5CVSS5.1AI score0.00277EPSS
CVE
CVE
added 2022/05/17 8:1 p.m.84 views

CVE-2022-23706

Summary: CVE-2022-23706 is a remote cross-site scripting (XSS) vulnerability in HP Enterprise OneView, affecting versions prior to 7.0. The NVD entry indicates a patch/update is available from HP to resolve the vulnerability. The connected records consistently reference this XSS issue in HPE OneV...

6.1CVSS5.9AI score0.00662EPSS
CVE
CVE
added 2022/05/17 7:59 p.m.81 views

CVE-2022-28617

CVE-2022-28617 describes a remote bypass security restrictions vulnerability in Hewlett Packard Enterprise OneView, with affected versions prior to 7.0. The issue allows bypassing some security restrictions via a remote vector, leading to potential unauthorized access or impact on confidentiality...

9.8CVSS9.3AI score0.01929EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.80 views

CVE-2022-23697

CVE-2022-23697 is a remote cross-site scripting vulnerability in HPE OneView, affecting versions prior to 6.6. The issue stems from insufficient data validation/filtering of user-supplied data, leading to possible client-side JavaScript execution. HPE has issued a software update to resolve the v...

6.1CVSS5.9AI score0.00696EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.77 views

CVE-2022-23698

The CVE-2022-23698 issue affects HPE OneView prior to version 6.6. It is a remote, unauthenticated information-disclosure vulnerability in OneView (information leakage). The available sources state that HPE has provided a software update to resolve the vulnerability, with no exploitation details ...

7.5CVSS7.3AI score0.01353EPSS
CVE
CVE
added 2022/08/31 3:59 p.m.57 views

CVE-2022-28625

The CVE-2022-28625 entry concerns HPE OneView prior to 7.0 or 6.60.01. A local disclosure vulnerability allows a low-privileged user to reveal sensitive information if the system is configured with credential access to external repositories. The impact is described as a complete loss of confident...

5.5CVSS5AI score0.00206EPSS
CVE
CVE
added 2023/04/25 6:43 p.m.57 views

CVE-2023-28088

The CVE-2023-28088 issue affects HPE OneView appliances, stemming from an appliance dump that could expose SAN switch administrative credentials. Documented details show a CVSSv3.1 base score of 7.8 (HIGH), with local attack vector, low attack complexity, and privileges required as LOW; user inte...

7.8CVSS7.6AI score0.00172EPSS
CVE
CVE
added 2020/11/06 2:14 p.m.55 views

CVE-2020-7198

CVE-2020-7198 affects HPE OneView and HPE Synergy Composer. A remote escalation of privilege is possible for a malicious user who has a OneView account in OneView and Synergy Composer. The connected Red Hat, CNVD, CNVD-like, and CVE records confirm the impact as a remote privilege escalation and ...

8.8CVSS9AI score0.0203EPSS
CVE
CVE
added 2023/04/25 6:44 p.m.53 views

CVE-2023-28089

CVE-2023-28089 affects HPE OneView appliances. Affected component: the OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Root cause details are not provided in the supplied documents. Impact stated: exposure of FTP credentials; CVSS metrics indicate high confidenti...

7.1CVSS7AI score0.0017EPSS
CVE
CVE
added 2023/04/25 6:41 p.m.49 views

CVE-2023-28087

CVE-2023-28087 concerns an exposure risk in HPE OneView appliances where a dump could reveal OneView user accounts. Multiple sources (NVD, Red Hat, CNNVD, PRION) consistently describe the issue as leaking user credentials via appliance dumps, affecting OneView environments prior to a fixed releas...

5.5CVSS5.5AI score0.0017EPSS
CVE
CVE
added 2023/04/25 6:45 p.m.49 views

CVE-2023-28090

CVE-2023-28090 affects HPE OneView appliances where a device dump could expose SNMPv3 read credentials. From CNNVD and Red Hat/NVD records, the issue exists in OneView prior to version 8.2, with a confidentiality impact (C)High and local attack vector. The connected documents do not provide a con...

5.5CVSS5.5AI score0.0017EPSS
CVE
CVE
added 2023/09/14 2:56 p.m.49 views

CVE-2023-30909

CVE-2023-30909 is an authentication bypass vulnerability in Hewlett Packard Enterprise OneView APIs. Multiple sources (NVD entry and NCSC advisory) describe a remote authentication bypass that can lead to unauthenticated access to sensitive data. The NCSC advisory confirms fixes in OneView 8.30.0...

9.8CVSS9.5AI score0.01065EPSS
CVE
CVE
added 2023/04/25 7:0 p.m.48 views

CVE-2023-28084

CVE-2023-28084 concerns HPE OneView and HPE OneView Global Dashboard appliances. The connected sources confirm that a device dump could expose authentication tokens, constituting a confidentiality impact described as high. The affected components are HPE OneView and HPE OneView Global Dashboard a...

5.5CVSS5.7AI score0.00188EPSS
CVE
CVE
added 2023/04/25 6:39 p.m.47 views

CVE-2023-28086

The CVE-2023-28086 entry involves Hewlett Packard Enterprise OneView. Affected component: HPE OneView appliance dump that may expose proxy credential settings. Underlying issue is exposure of stored proxy credentials through the appliance dump; the reports do not detail a fix or affected software...

5.5CVSS5.5AI score0.0017EPSS
CVE
CVE
added 2014/05/08 10:0 a.m.45 views

CVE-2014-2602

HP OneView CVE-2014-2602 describes a remote privilege-escalation vulnerability affecting HP OneView versions 1.0 and 1.01, exploitable by remote authenticated users via unknown vectors. A fix is provided in HP OneView 1.05 and later via the Update Appliance mechanism; upgrading is advised for aff...

6.5CVSS6.6AI score0.02009EPSS
CVE
CVE
added 2024/01/23 5:2 p.m.42 views

CVE-2023-50274

CVE-2023-50274 affects Hewlett Packard Enterprise OneView. The confirmed issue is a command injection with local privilege escalation. The explicit root cause described by the connected ZDI advisory is a flaw in the startUpgradeCommon method where a user-supplied string is not properly validated ...

7.8CVSS7.8AI score0.00689EPSS
CVE
CVE
added 2024/01/23 5:13 p.m.41 views

CVE-2023-6573

Summary: CVE-2023-6573 affects Hewlett Packard Enterprise OneView due to a missing passphrase during the restore process. The NVD entry assigns a CVSSv3.1 base score of 5.5 (Medium) with Local attack vector, Low attack complexity, no privileges required, and user interaction needed; confidentiali...

5.5CVSS5.5AI score0.00187EPSS
CVE
CVE
added 2024/01/23 5:9 p.m.37 views

CVE-2023-50275

HPE OneView’s clusterService exposes an authentication bypass that can be exploited remotely to cause DoS. The vulnerability arises from inadequate validation of the attacker’s IP, exposing a function intended for loopback-only use, enabling a denial-of-service without authentication. Affected pr...

7.5CVSS7.5AI score0.01005EPSS