HP Oneview
By the Year
In 2023 there have been 9 vulnerabilities in HP Oneview with an average score of 6.9 out of ten. Last year Oneview had 8 security vulnerabilities published. That is, 1 more vulnerability has already been reported in 2023 than in all of last year. Last year, the average CVE base score was greater by 0.37.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 9 | 6.89 |
2022 | 8 | 7.26 |
2021 | 0 | 0.00 |
2020 | 1 | 8.80 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Oneview vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent HP Oneview Security Vulnerabilities
A remote authentication bypass issue exists in some OneView APIs.
CVE-2023-30909
9.8 - Critical
- September 14, 2023
A remote authentication bypass issue exists in some OneView APIs.
A remote authentication bypass issue exists in a OneView API.
CVE-2023-30908
9.8 - Critical
- September 07, 2023
A remote authentication bypass issue exists in a OneView API.
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2023-28084
5.5 - Medium
- April 25, 2023
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
Insufficiently Protected Credentials
An HPE OneView appliance dump may expose proxy credential settings
CVE-2023-28086
5.5 - Medium
- April 25, 2023
An HPE OneView appliance dump may expose proxy credential settings
An HPE OneView appliance dump may expose OneView user accounts
CVE-2023-28087
5.5 - Medium
- April 25, 2023
An HPE OneView appliance dump may expose OneView user accounts
An HPE OneView appliance dump may expose SAN switch administrative credentials
CVE-2023-28088
7.8 - High
- April 25, 2023
An HPE OneView appliance dump may expose SAN switch administrative credentials
Insufficiently Protected Credentials
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
CVE-2023-28089
7.1 - High
- April 25, 2023
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
Insufficiently Protected Credentials
An HPE OneView appliance dump may expose SNMPv3 read credentials
CVE-2023-28090
5.5 - Medium
- April 25, 2023
An HPE OneView appliance dump may expose SNMPv3 read credentials
Insufficiently Protected Credentials
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
CVE-2023-28091
5.5 - Medium
- April 14, 2023
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01
CVE-2022-28625
5.5 - Medium
- August 31, 2022
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
Insertion of Sensitive Information into Log File
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28616
9.8 - Critical
- May 17, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSPA
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-23706
6.1 - Medium
- May 17, 2022
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSS
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28617
9.8 - Critical
- May 17, 2022
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23698
7.5 - High
- April 04, 2022
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23699
7.8 - High
- April 04, 2022
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23700
5.5 - Medium
- April 04, 2022
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23697
6.1 - Medium
- April 04, 2022
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSS
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer
CVE-2020-7198
8.8 - High
- November 06, 2020
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
Improper Privilege Management
