HP Oneview


By the Year

In 2026 there have been 0 vulnerabilities in HP Oneview. Oneview did not have any published security vulnerabilities last year.




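| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 6.58 |
| 2023 | 9 | 6.89 |
| 2022 | 8 | 7.26 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |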

It may take a day or so for new Oneview vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent HP Oneview Security Vulnerabilities

Auth Info Disclosure CVE-2024-42508
CVE-2024-42508 5.5 - Medium - October 18, 2024

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.

HPE OneView: Missing Passphrase During Restore
CVE-2023-6573 5.5 - Medium - January 23, 2024

HPE OneView may have a missing passphrase during restore.

HPE OneView: Local Privilege Escalation via Command Injection
CVE-2023-50274 7.8 - High - January 23, 2024

HPE OneView may allow command injection with local privilege escalation.

Command Injection

HPE OneView clusterService Auth Bypass causing DoS
CVE-2023-50275 7.5 - High - January 23, 2024

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.

Authentication

Remote Auth Bypass in HPE OneView APIs
CVE-2023-30909 9.8 - Critical - September 14, 2023

A remote authentication bypass issue exists in some OneView APIs.

HPE OneView: Auth Bypass via API (CVE-2023-30908)
CVE-2023-30908 9.8 - Critical - September 07, 2023

A remote authentication bypass issue exists in a OneView API.

HPE OneView token exposure via appliance dump
CVE-2023-28084 5.5 - Medium - April 25, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

Insufficiently Protected Credentials

HPE OneView Dump Exposes FTP Credentials (CVE-2023-28089)
CVE-2023-28089 7.1 - High - April 25, 2023

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

Insufficiently Protected Credentials

HPE OneView Proxy Credential Dump Exposes Proxy Settings
CVE-2023-28086 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose proxy credential settings

HPE OneView user accounts exposed via appliance dump
CVE-2023-28087 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose OneView user accounts

CVE-2023-28088: HPE OneView Buffer Dump Exposes SAN Switch Admin Credentials
CVE-2023-28088 7.8 - High - April 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials

Insufficiently Protected Credentials

HPE OneView Appliance SNMPv3 Credentials Exposed via Dump
CVE-2023-28090 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose SNMPv3 read credentials

Insufficiently Protected Credentials

HPE OneView VA: Data Leak in Support Dump via Migrate Server Hardware
CVE-2023-28091 5.5 - Medium - April 14, 2023

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

Local Info Disclosure via External Repo Credentials in HPE OneView <7.0/6.60.01
CVE-2022-28625 5.5 - Medium - August 31, 2022

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Insertion of Sensitive Information into Log File

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

SSRF

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23698 7.5 - High - April 04, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23699 7.8 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23700 5.5 - Medium - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23697 6.1 - Medium - April 04, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer
CVE-2020-7198 - November 06, 2020

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
