Hp Oneview

22 CVEs affecting Hp Oneview. Latest disclosed: 2024-01-23. Critical: 4, High: 7.

Top CVEs affecting Hp Oneview
CVESeverityScorePublishedSummary
CVE-2023-30909Critical9.82023-09-14A remote authentication bypass issue exists in some OneView APIs.
CVE-2023-30908Critical9.82023-09-07A remote authentication bypass issue exists in a OneView API.
CVE-2022-28616Critical9.82022-05-17A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve…
CVE-2022-28617Critical9.82022-05-17A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this…
CVE-2020-7198High8.82020-11-06There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to…
CVE-2023-50274High7.82024-01-23HPE OneView may allow command injection with local privilege escalation.
CVE-2023-28088High7.82023-04-25An HPE OneView appliance dump may expose SAN switch administrative credentials
CVE-2022-23699High7.82022-04-04A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve t…
CVE-2023-50275High7.52024-01-23HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
CVE-2022-23698High7.52022-04-04A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to…
CVE-2023-28089High7.12023-04-25An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
CVE-2022-23706Medium6.12022-05-17A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vu…
CVE-2022-23697Medium6.12022-04-04A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vu…
CVE-2023-6573Medium5.52024-01-23HPE OneView may have a missing passphrase during restore.
CVE-2023-28084Medium5.52023-04-25HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
CVE-2023-28090Medium5.52023-04-25An HPE OneView appliance dump may expose SNMPv3 read credentials
CVE-2023-28087Medium5.52023-04-25An HPE OneView appliance dump may expose OneView user accounts
CVE-2023-28086Medium5.52023-04-25An HPE OneView appliance dump may expose proxy credential settings
CVE-2023-28091Medium5.52023-04-14HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
CVE-2022-28625Medium5.52022-08-31A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locall…