HP Oneview

By the Year

In 2024 there have been 3 vulnerabilities in HP Oneview with an average score of 6.9 out of ten. Last year Oneview had 9 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.04.

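| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 3 | 6.93 |
| 2023 | 9 | 6.89 |
| 2022 | 8 | 7.26 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |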

It may take a day or so for new Oneview vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent HP Oneview Security Vulnerabilities

HPE OneView may have a missing passphrase during restore.

CVE-2023-6573 5.5 - Medium - January 23, 2024

HPE OneView may allow command injection with local privilege escalation.

CVE-2023-50274 7.8 - High - January 23, 2024

Command Injection

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.

CVE-2023-50275 7.5 - High - January 23, 2024

Authentication

A remote authentication bypass issue exists in some OneView APIs.

CVE-2023-30909 9.8 - Critical - September 14, 2023

A remote authentication bypass issue exists in a OneView API.

CVE-2023-30908 9.8 - Critical - September 07, 2023

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens

CVE-2023-28084 5.5 - Medium - April 25, 2023

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose SNMPv3 read credentials

CVE-2023-28090 5.5 - Medium - April 25, 2023

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose proxy credential settings

CVE-2023-28086 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose OneView user accounts

CVE-2023-28087 5.5 - Medium - April 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials

CVE-2023-28088 7.8 - High - April 25, 2023

Insufficiently Protected Credentials

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

CVE-2023-28089 7.1 - High - April 25, 2023

Insufficiently Protected Credentials

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

CVE-2023-28091 5.5 - Medium - April 14, 2023

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01

CVE-2022-28625 5.5 - Medium - August 31, 2022

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Insertion of Sensitive Information into Log File

A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28616 9.8 - Critical - May 17, 2022

A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSPA

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-23706 6.1 - Medium - May 17, 2022

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0

CVE-2022-28617 9.8 - Critical - May 17, 2022

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23698 7.5 - High - April 04, 2022

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23699 7.8 - High - April 04, 2022

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23700 5.5 - Medium - April 04, 2022

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6

CVE-2022-23697 6.1 - Medium - April 04, 2022

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

XSS

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer

CVE-2020-7198 8.8 - High - November 06, 2020

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

Improper Privilege Management
