HP Oneview

Do you want an email whenever new security vulnerabilities are reported in HP Oneview?

By the Year

In 2023 there have been 9 vulnerabilities in HP Oneview with an average score of 6.9 out of ten. Last year Oneview had 8 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 0.37

Year	Vulnerabilities	Average Score
2023	9	6.89
2022	8	7.26
2021	0	0.00
2020	1	8.80
2019	0	0.00
2018	0	0.00

It may take a day or so for new Oneview vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent HP Oneview Security Vulnerabilities

A remote authentication bypass issue exists in some OneView APIs.

CVE-2023-30909 9.8 - Critical - September 14, 2023

A remote authentication bypass issue exists in some OneView APIs.

A remote authentication bypass issue exists in a OneView API.

CVE-2023-30908 9.8 - Critical - September 07, 2023

A remote authentication bypass issue exists in a OneView API.

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

CVE-2023-28084 5.5 - Medium - April 25, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose proxy credential settings

CVE-2023-28086 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose proxy credential settings

An HPE OneView appliance dump may expose OneView user accounts

CVE-2023-28087 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose OneView user accounts

An HPE OneView appliance dump may expose SAN switch administrative credentials

CVE-2023-28088 7.8 - High - April 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

CVE-2023-28089 7.1 - High - April 25, 2023

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose SNMPv3 read credentials

CVE-2023-28090 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose SNMPv3 read credentials

Insufficiently Protected Credentials

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

CVE-2023-28091 5.5 - Medium - April 14, 2023

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01

CVE-2022-28625 5.5 - Medium - August 31, 2022

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Insertion of Sensitive Information into Log File

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSPA

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23698 7.5 - High - April 04, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23699 7.8 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23700 5.5 - Medium - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23697 6.1 - Medium - April 04, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer

CVE-2020-7198 8.8 - High - November 06, 2020

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

Improper Privilege Management

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for HP Synergy Composer 2 or by HP? Click the Watch button to subscribe.

HP
Vendor

HP Oneview
Product

HP Oneview

By the Year

Recent HP Oneview Security Vulnerabilities

A remote authentication bypass issue exists in some OneView APIs. CVE-2023-30909 9.8 - Critical - September 14, 2023

A remote authentication bypass issue exists in a OneView API. CVE-2023-30908 9.8 - Critical - September 07, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens CVE-2023-28084 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose proxy credential settings CVE-2023-28086 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose OneView user accounts CVE-2023-28087 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials CVE-2023-28088 7.8 - High - April 25, 2023

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules CVE-2023-28089 7.1 - High - April 25, 2023

An HPE OneView appliance dump may expose SNMPv3 read credentials CVE-2023-28090 5.5 - Medium - April 25, 2023

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump CVE-2023-28091 5.5 - Medium - April 14, 2023

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01 CVE-2022-28625 5.5 - Medium - August 31, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0 CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0 CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0 CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6 CVE-2022-23698 7.5 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6 CVE-2022-23699 7.8 - High - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6 CVE-2022-23700 5.5 - Medium - April 04, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6 CVE-2022-23697 6.1 - Medium - April 04, 2022

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer CVE-2020-7198 8.8 - High - November 06, 2020

Stay on top of Security Vulnerabilities

HP Vendor

HP OneviewProduct

A remote authentication bypass issue exists in some OneView APIs.

CVE-2023-30909 9.8 - Critical - September 14, 2023

A remote authentication bypass issue exists in a OneView API.

CVE-2023-30908 9.8 - Critical - September 07, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

CVE-2023-28084 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose proxy credential settings

CVE-2023-28086 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose OneView user accounts

CVE-2023-28087 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials

CVE-2023-28088 7.8 - High - April 25, 2023

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

CVE-2023-28089 7.1 - High - April 25, 2023

An HPE OneView appliance dump may expose SNMPv3 read credentials

CVE-2023-28090 5.5 - Medium - April 25, 2023

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

CVE-2023-28091 5.5 - Medium - April 14, 2023

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01

CVE-2022-28625 5.5 - Medium - August 31, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23698 7.5 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23699 7.8 - High - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23700 5.5 - Medium - April 04, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23697 6.1 - Medium - April 04, 2022

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer

CVE-2020-7198 8.8 - High - November 06, 2020

HP
Vendor

HP Oneview
Product