Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Filtered by product Oneview
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6573 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
HPE OneView may have a missing passphrase during restore.
CVE-2023-50275 1 Hp 1 Oneview 2024-11-21 N/A 7.5 HIGH
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
CVE-2023-50274 1 Hp 1 Oneview 2024-11-21 N/A 7.8 HIGH
HPE OneView may allow command injection with local privilege escalation.
CVE-2023-30909 1 Hp 1 Oneview 2024-11-21 N/A 9.8 CRITICAL
A remote authentication bypass issue exists in some OneView APIs.
CVE-2023-30908 1 Hp 1 Oneview 2024-11-21 N/A 9.8 CRITICAL
A remote authentication bypass issue exists in a OneView API.
CVE-2023-28091 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
CVE-2023-28090 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
An HPE OneView appliance dump may expose SNMPv3 read credentials
CVE-2023-28089 1 Hp 1 Oneview 2024-11-21 N/A 7.1 HIGH
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
CVE-2023-28088 1 Hp 1 Oneview 2024-11-21 N/A 7.8 HIGH
An HPE OneView appliance dump may expose SAN switch administrative credentials
CVE-2023-28087 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
An HPE OneView appliance dump may expose OneView user accounts
CVE-2023-28086 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
An HPE OneView appliance dump may expose proxy credential settings
CVE-2023-28084 2 Hp, Hpe 2 Oneview, Oneview Global Dashboard 2024-11-21 N/A 5.5 MEDIUM
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2022-28625 1 Hp 1 Oneview 2024-11-21 N/A 5.5 MEDIUM
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-28617 1 Hp 1 Oneview 2024-11-21 7.5 HIGH 9.8 CRITICAL
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-28616 1 Hp 1 Oneview 2024-11-21 7.5 HIGH 9.8 CRITICAL
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-23706 1 Hp 1 Oneview 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-23700 1 Hp 1 Oneview 2024-11-21 2.1 LOW 5.5 MEDIUM
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-23699 1 Hp 1 Oneview 2024-11-21 4.6 MEDIUM 7.8 HIGH
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-23698 1 Hp 1 Oneview 2024-11-21 5.0 MEDIUM 7.5 HIGH
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-23697 1 Hp 1 Oneview 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.