22 matches found
CVE-2023-28091
CVE-2023-28091 concerns HPE OneView, specifically the virtual appliance. The vulnerability is tied to the option “Migrate server hardware,” which may cause exposure of sensitive information in an HPE OneView support dump. Publicly documented details indicate a likely impact to confidentiality wit...
CVE-2023-30908
Mode: C CVE-2023-30908 is a remote authentication bypass in Hewlett Packard Enterprise OneView API. Public records consistently describe an authentication bypass vulnerability with high impact (CVSS 3.1 base score 9.8; Confidentiality, Integrity, Availability all High). Connected advisories indic...
CVE-2022-23699
Summary: CVE-2022-23699 describes a local authentication restriction bypass in HPE OneView prior to version 6.6 . The issue stems from weaknesses in the authentication procedure, enabling bypass of authentication locally. The vendor has released a software update to resolve the vulnerability (upd...
CVE-2022-28616
CVE-2022-28616 describes a server-side request forgery (SSRF) vulnerability in HPE OneView prior to 7.0. Affected product: HPE OneView. Root cause: unspecified in initial description, but remediation exists via a software update to resolve the vulnerability. Documents confirm a fix is provided by...
CVE-2022-23700
CVE-2022-23700 affects HPE OneView prior to version 6.6, with a local unauthorized file read access vulnerability in the IT infrastructure management system. Public descriptions consistently cite that the issue arises from improper access restrictions allowing local read access from unauthorized ...
CVE-2022-23706
Summary: CVE-2022-23706 is a remote cross-site scripting (XSS) vulnerability in HP Enterprise OneView, affecting versions prior to 7.0. The NVD entry indicates a patch/update is available from HP to resolve the vulnerability. The connected records consistently reference this XSS issue in HPE OneV...
CVE-2022-28617
CVE-2022-28617 describes a remote bypass security restrictions vulnerability in Hewlett Packard Enterprise OneView, with affected versions prior to 7.0. The issue allows bypassing some security restrictions via a remote vector, leading to potential unauthorized access or impact on confidentiality...
CVE-2022-23697
CVE-2022-23697 is a remote cross-site scripting vulnerability in HPE OneView, affecting versions prior to 6.6. The issue stems from insufficient data validation/filtering of user-supplied data, leading to possible client-side JavaScript execution. HPE has issued a software update to resolve the v...
CVE-2022-23698
The CVE-2022-23698 issue affects HPE OneView prior to version 6.6. It is a remote, unauthenticated information-disclosure vulnerability in OneView (information leakage). The available sources state that HPE has provided a software update to resolve the vulnerability, with no exploitation details ...
CVE-2022-28625
The CVE-2022-28625 entry concerns HPE OneView prior to 7.0 or 6.60.01. A local disclosure vulnerability allows a low-privileged user to reveal sensitive information if the system is configured with credential access to external repositories. The impact is described as a complete loss of confident...
CVE-2023-28088
The CVE-2023-28088 issue affects HPE OneView appliances, stemming from an appliance dump that could expose SAN switch administrative credentials. Documented details show a CVSSv3.1 base score of 7.8 (HIGH), with local attack vector, low attack complexity, and privileges required as LOW; user inte...
CVE-2020-7198
CVE-2020-7198 affects HPE OneView and HPE Synergy Composer. A remote escalation of privilege is possible for a malicious user who has a OneView account in OneView and Synergy Composer. The connected Red Hat, CNVD, CNVD-like, and CVE records confirm the impact as a remote privilege escalation and ...
CVE-2023-28089
CVE-2023-28089 affects HPE OneView appliances. Affected component: the OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Root cause details are not provided in the supplied documents. Impact stated: exposure of FTP credentials; CVSS metrics indicate high confidenti...
CVE-2023-28087
CVE-2023-28087 concerns an exposure risk in HPE OneView appliances where a dump could reveal OneView user accounts. Multiple sources (NVD, Red Hat, CNNVD, PRION) consistently describe the issue as leaking user credentials via appliance dumps, affecting OneView environments prior to a fixed releas...
CVE-2023-28090
CVE-2023-28090 affects HPE OneView appliances where a device dump could expose SNMPv3 read credentials. From CNNVD and Red Hat/NVD records, the issue exists in OneView prior to version 8.2, with a confidentiality impact (C)High and local attack vector. The connected documents do not provide a con...
CVE-2023-30909
CVE-2023-30909 is an authentication bypass vulnerability in Hewlett Packard Enterprise OneView APIs. Multiple sources (NVD entry and NCSC advisory) describe a remote authentication bypass that can lead to unauthenticated access to sensitive data. The NCSC advisory confirms fixes in OneView 8.30.0...
CVE-2023-28084
CVE-2023-28084 concerns HPE OneView and HPE OneView Global Dashboard appliances. The connected sources confirm that a device dump could expose authentication tokens, constituting a confidentiality impact described as high. The affected components are HPE OneView and HPE OneView Global Dashboard a...
CVE-2023-28086
The CVE-2023-28086 entry involves Hewlett Packard Enterprise OneView. Affected component: HPE OneView appliance dump that may expose proxy credential settings. Underlying issue is exposure of stored proxy credentials through the appliance dump; the reports do not detail a fix or affected software...
CVE-2014-2602
HP OneView CVE-2014-2602 describes a remote privilege-escalation vulnerability affecting HP OneView versions 1.0 and 1.01, exploitable by remote authenticated users via unknown vectors. A fix is provided in HP OneView 1.05 and later via the Update Appliance mechanism; upgrading is advised for aff...
CVE-2023-50274
CVE-2023-50274 affects Hewlett Packard Enterprise OneView. The confirmed issue is a command injection with local privilege escalation. The explicit root cause described by the connected ZDI advisory is a flaw in the startUpgradeCommon method where a user-supplied string is not properly validated ...
CVE-2023-6573
Summary: CVE-2023-6573 affects Hewlett Packard Enterprise OneView due to a missing passphrase during the restore process. The NVD entry assigns a CVSSv3.1 base score of 5.5 (Medium) with Local attack vector, Low attack complexity, no privileges required, and user interaction needed; confidentiali...
CVE-2023-50275
HPE OneView’s clusterService exposes an authentication bypass that can be exploited remotely to cause DoS. The vulnerability arises from inadequate validation of the attacker’s IP, exposing a function intended for loopback-only use, enabling a denial-of-service without authentication. Affected pr...