HP Oneview
By the Year
In 2023 there have been 0 vulnerabilities in HP Oneview . Last year Oneview had 8 security vulnerabilities published. Right now, Oneview is on track to have less security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 8 | 7.26 |
2021 | 0 | 0.00 |
2020 | 1 | 8.80 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Oneview vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent HP Oneview Security Vulnerabilities
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01
CVE-2022-28625
5.5 - Medium
- August 31, 2022
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
Insertion of Sensitive Information into Log File
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28616
9.8 - Critical
- May 17, 2022
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSPA
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-28617
9.8 - Critical
- May 17, 2022
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
authentification
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0
CVE-2022-23706
6.1 - Medium
- May 17, 2022
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSS
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23697
6.1 - Medium
- April 04, 2022
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
XSS
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23700
5.5 - Medium
- April 04, 2022
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
AuthZ
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23699
7.8 - High
- April 04, 2022
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
authentification
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6
CVE-2022-23698
7.5 - High
- April 04, 2022
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer
CVE-2020-7198
8.8 - High
- November 06, 2020
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
Improper Privilege Management
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for HP Synergy Composer 2 or by HP? Click the Watch button to subscribe.
