HP Oneview

By the Year

In 2023 there have been 0 vulnerabilities in HP Oneview. Last year Oneview had 8 security vulnerabilities published. Right now, Oneview is on track to have fewer security vulnerabilities in 2023 than it did last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 8 7.26
2021 0 0.00
2020 1 8.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Oneview vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent HP Oneview Security Vulnerabilities

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01

CVE-2022-28625 5.5 - Medium - August 31, 2022

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Insertion of Sensitive Information into Log File

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSPA

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

authentication

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23697 6.1 - Medium - April 04, 2022

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23700 5.5 - Medium - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

AuthZ

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23699 7.8 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

authentication

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23698 7.5 - High - April 04, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer

CVE-2020-7198 8.8 - High - November 06, 2020

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

Improper Privilege Management
