Hp Oneview
22 CVEs affecting Hp Oneview. Latest disclosed: 2024-01-23. Critical: 4, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-30909 | Critical | 9.8 | 2023-09-14 | A remote authentication bypass issue exists in some OneView APIs. |
CVE-2023-30908 | Critical | 9.8 | 2023-09-07 | A remote authentication bypass issue exists in a OneView API. |
CVE-2022-28616 | Critical | 9.8 | 2022-05-17 | A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve… |
CVE-2022-28617 | Critical | 9.8 | 2022-05-17 | A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this… |
CVE-2020-7198 | High | 8.8 | 2020-11-06 | There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to… |
CVE-2023-50274 | High | 7.8 | 2024-01-23 | HPE OneView may allow command injection with local privilege escalation. |
CVE-2023-28088 | High | 7.8 | 2023-04-25 | An HPE OneView appliance dump may expose SAN switch administrative credentials |
CVE-2022-23699 | High | 7.8 | 2022-04-04 | A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve t… |
CVE-2023-50275 | High | 7.5 | 2024-01-23 | HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. |
CVE-2022-23698 | High | 7.5 | 2022-04-04 | A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to… |
CVE-2023-28089 | High | 7.1 | 2023-04-25 | An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules |
CVE-2022-23706 | Medium | 6.1 | 2022-05-17 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vu… |
CVE-2022-23697 | Medium | 6.1 | 2022-04-04 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vu… |
CVE-2023-6573 | Medium | 5.5 | 2024-01-23 | HPE OneView may have a missing passphrase during restore. |
CVE-2023-28084 | Medium | 5.5 | 2023-04-25 | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens |
CVE-2023-28090 | Medium | 5.5 | 2023-04-25 | An HPE OneView appliance dump may expose SNMPv3 read credentials |
CVE-2023-28087 | Medium | 5.5 | 2023-04-25 | An HPE OneView appliance dump may expose OneView user accounts |
CVE-2023-28086 | Medium | 5.5 | 2023-04-25 | An HPE OneView appliance dump may expose proxy credential settings |
CVE-2023-28091 | Medium | 5.5 | 2023-04-14 | HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump |
CVE-2022-28625 | Medium | 5.5 | 2022-08-31 | A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locall… |