Vulnerabilites related to hp - oneview
Vulnerability from fkie_nvd
Published
2023-04-25 19:15
Modified
2025-02-03 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An HPE OneView appliance dump may expose SNMPv3 read credentials
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666",
"versionEndExcluding": "6.60.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3",
"versionEndExcluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose SNMPv3 read credentials"
}
],
"id": "CVE-2023-28090",
"lastModified": "2025-02-03T17:15:13.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-25T19:15:10.980",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:49
Severity ?
Summary
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB47AED5-F055-437D-8609-BF494756CBDB",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de tipo cross-site scripting (xss) remoto en HPE OneView versiones anteriores a 7.0. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-23706",
"lastModified": "2024-11-21T06:49:08.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-17T20:15:08.253",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-14 15:15
Modified
2025-02-06 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3736F7E-F57E-4C62-BD43-B179EBBBB3C7",
"versionEndIncluding": "8.1",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE OneView virtual appliance \"Migrate server hardware\" option may expose sensitive information in an HPE OneView support dump"
},
{
"lang": "es",
"value": "La opci\u00f3n \"Migrate server hardware\" de los appliance virtuales HPE OneView puede exponer informaci\u00f3n sensible en un HPE volcado de soporte de OneView."
}
],
"id": "CVE-2023-28091",
"lastModified": "2025-02-06T20:15:38.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-14T15:15:07.563",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04467en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04467en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-25 19:15
Modified
2025-02-03 18:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An HPE OneView appliance dump may expose OneView user accounts
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666",
"versionEndExcluding": "6.60.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3",
"versionEndExcluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose OneView user accounts"
}
],
"id": "CVE-2023-28087",
"lastModified": "2025-02-03T18:15:29.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-25T19:15:10.817",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-25 19:15
Modified
2025-02-03 18:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An HPE OneView appliance dump may expose proxy credential settings
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666",
"versionEndExcluding": "6.60.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3",
"versionEndExcluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose proxy credential settings"
}
],
"id": "CVE-2023-28086",
"lastModified": "2025-02-03T18:15:29.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-25T19:15:10.753",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-04 20:15
Modified
2024-11-21 06:49
Severity ?
Summary
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28048A45-2867-4912-AC62-812C3D90B7BD",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n remota no autenticada en HPE OneView versiones: Anteriores a 6.6. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-23698",
"lastModified": "2024-11-21T06:49:07.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:10.557",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-18 16:15
Modified
2025-03-17 22:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B081F48C-BFCB-4BAB-A774-226EEDD28608",
"versionEndExcluding": "9.20.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users."
},
{
"lang": "es",
"value": "Esta vulnerabilidad podr\u00eda ser explotada para provocar la divulgaci\u00f3n no autorizada de informaci\u00f3n a usuarios autenticados."
}
],
"id": "CVE-2024-42508",
"lastModified": "2025-03-17T22:15:13.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-18T16:15:04.710",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us\u0026docLocale=en_US"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-08 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7B207E-38C8-44DB-8E38-CA6DDEB8C543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3EBA8F50-D886-47AE-81B4-E5F6CCCC6699",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en HP OneView 1.0 y 1.01 permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2014-2602",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-08T10:55:04.560",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-25 20:15
Modified
2025-02-03 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBAAD7B8-CB8C-4F50-8A30-0B2CF5199B8F",
"versionEndExcluding": "6.60.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD692B5-5224-4D65-B5F6-9B1B4EF5B227",
"versionEndExcluding": "8.2",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hpe:oneview_global_dashboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "458F8B2A-D560-4497-9DD0-1C654B28B991",
"versionEndExcluding": "2.72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
}
],
"id": "CVE-2023-28084",
"lastModified": "2025-02-03T17:15:12.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-25T20:15:10.067",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
},
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:57
Severity ?
Summary
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB47AED5-F055-437D-8609-BF494756CBDB",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de omisi\u00f3n remota de las restricciones de seguridad en HPE OneView versiones anteriores a 7.0. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-28617",
"lastModified": "2024-11-21T06:57:35.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-17T20:15:09.353",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-07 22:15
Modified
2024-11-21 08:01
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A remote authentication bypass issue exists in a OneView API.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951E6F0C-7E2A-4B71-810C-130B79FFC3E3",
"versionEndExcluding": "6.60.05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DAA8E6-8BA9-4EB3-BD06-1E2F8DF5D9DF",
"versionEndExcluding": "8.5",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote authentication bypass issue exists in a OneView API.\n\n"
},
{
"lang": "es",
"value": "Existe un problema de omisi\u00f3n de autenticaci\u00f3n remota en una API de OneView."
}
],
"id": "CVE-2023-30908",
"lastModified": "2024-11-21T08:01:02.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-07T22:15:07.500",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04530en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04530en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-31 16:15
Modified
2024-11-21 06:57
Severity ?
Summary
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-alert@hpe.com | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04304en_us | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04304en_us | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3821839-150F-467A-9551-68EB52836811",
"versionEndExcluding": "6.60.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de divulgaci\u00f3n local de informaci\u00f3n confidencial HPE OneView: Versiones anteriores a 7.0 o 6.60.01. Un usuario poco privilegiado podr\u00eda explotar localmente esta vulnerabilidad para divulgar informaci\u00f3n confidencial, resultando en una p\u00e9rdida total de confidencialidad, integridad y disponibilidad. Para explotar esta vulnerabilidad, HPE OneView debe estar configurado con acceso de credenciales a repositorios externos. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-28625",
"lastModified": "2024-11-21T06:57:36.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-31T16:15:10.347",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04304en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04304en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-17 21:15
Modified
2024-11-21 06:57
Severity ?
Summary
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB47AED5-F055-437D-8609-BF494756CBDB",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de tipo server-side request forgery (ssrf) remoto en HPE OneView versiones: Anteriores a 7.0. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-28616",
"lastModified": "2024-11-21T06:57:35.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-17T21:15:08.280",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-14 15:15
Modified
2024-11-21 08:01
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A remote authentication bypass issue exists in some
OneView APIs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "888C5596-B2F0-4C8A-85CF-728C49D956E1",
"versionEndExcluding": "8.30.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote authentication bypass issue exists in some\nOneView APIs.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Existe un problema de omisi\u00f3n de autenticaci\u00f3n remota en algunas API de OneView."
}
],
"id": "CVE-2023-30909",
"lastModified": "2024-11-21T08:01:03.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-14T15:15:08.637",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04538en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04538en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-04 20:15
Modified
2024-11-21 06:49
Severity ?
Summary
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28048A45-2867-4912-AC62-812C3D90B7BD",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de tipo cross-site scripting (xss) remoto en HPE OneView versi\u00f3n(es): Anteriores a 6.6. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-23697",
"lastModified": "2024-11-21T06:49:07.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:10.513",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-04 20:15
Modified
2024-11-21 06:49
Severity ?
Summary
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28048A45-2867-4912-AC62-812C3D90B7BD",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de omisi\u00f3n de restricci\u00f3n de autenticaci\u00f3n local en HPE OneView versi\u00f3n(es): Anteriores a 6.6. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-23699",
"lastModified": "2024-11-21T06:49:07.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:10.597",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-04 20:15
Modified
2024-11-21 06:49
Severity ?
Summary
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28048A45-2867-4912-AC62-812C3D90B7BD",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de acceso de lectura local no autorizada a archivos en HPE OneView versi\u00f3n(es): Anteriores a 6.6. HPE ha proporcionado una actualizaci\u00f3n de software para resolver esta vulnerabilidad en HPE OneView"
}
],
"id": "CVE-2022-23700",
"lastModified": "2024-11-21T06:49:08.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:10.637",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-23 17:15
Modified
2025-06-20 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "215E0DEB-49E1-40B3-9790-F4C60065505B",
"versionEndExcluding": "8.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE OneView may allow clusterService Authentication Bypass resulting in denial of service."
},
{
"lang": "es",
"value": "HPE OneView puede permitir la omisi\u00f3n de autenticaci\u00f3n del servicio de cl\u00faster, lo que resulta en una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2023-50275",
"lastModified": "2025-06-20T19:15:26.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-23T17:15:10.127",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-23 18:15
Modified
2024-11-21 08:44
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
HPE OneView may have a missing passphrase during restore.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "215E0DEB-49E1-40B3-9790-F4C60065505B",
"versionEndExcluding": "8.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE OneView may have a missing passphrase during restore."
},
{
"lang": "es",
"value": "Es posible que a HPE OneView le falte una frase de contrase\u00f1a durante la restauraci\u00f3n."
}
],
"id": "CVE-2023-6573",
"lastModified": "2024-11-21T08:44:07.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-23T18:15:18.113",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-25 19:15
Modified
2025-02-03 17:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An HPE OneView appliance dump may expose SAN switch administrative credentials
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666",
"versionEndExcluding": "6.60.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3",
"versionEndExcluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose SAN switch administrative credentials"
}
],
"id": "CVE-2023-28088",
"lastModified": "2025-02-03T17:15:13.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-25T19:15:10.873",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 15:15
Modified
2024-11-21 05:36
Severity ?
Summary
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | oneview | 5.0 | |
| hp | oneview | 5.00.01 | |
| hp | oneview | 5.00.02 | |
| hp | oneview | 5.2 | |
| hp | oneview | 5.3 | |
| hp | oneview | 5.4 | |
| hp | oneview | 5.20.01 | |
| hp | synergy_composer | 5.0 | |
| hp | synergy_composer | 5.00.01 | |
| hp | synergy_composer | 5.00.02 | |
| hp | synergy_composer | 5.2 | |
| hp | synergy_composer | 5.3 | |
| hp | synergy_composer | 5.4 | |
| hp | synergy_composer | 5.20.01 | |
| hp | synergy_composer_2 | 5.0 | |
| hp | synergy_composer_2 | 5.00.01 | |
| hp | synergy_composer_2 | 5.00.02 | |
| hp | synergy_composer_2 | 5.2 | |
| hp | synergy_composer_2 | 5.3 | |
| hp | synergy_composer_2 | 5.4 | |
| hp | synergy_composer_2 | 5.20.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B43798D-E077-4DCC-B360-495F3260566B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:5.00.01:*:*:*:*:*:*:*",
"matchCriteriaId": "413D7888-B5F5-41D3-BBD8-E3821ED5AF03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:5.00.02:*:*:*:*:*:*:*",
"matchCriteriaId": "57CA44FC-88D3-434C-AAF4-29B77946CE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C164845-25B5-4492-BBCC-4504D5B7EF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF30AB6-5577-4E02-86DD-8A4B984C0254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "865F4A84-7508-420C-BEBC-E4BD0324660E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:5.20.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FF0533-884C-45FB-9DBF-4F77C487347A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E24806-A07A-4853-B37E-368A4369C00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer:5.00.01:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B6C01F-58F2-4AB7-87F1-4775772EC228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer:5.00.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D75A78-597D-4869-AF93-A7713EA3FC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "31B4B2A0-1049-4EA8-8201-CFDE0299CC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2F7A90-DBF6-494B-B5C7-A8FDCF963E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "218EB5A1-5577-4779-88AC-48D11E202E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer:5.20.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2725D03B-CE0C-4257-9ADC-12A3B8132BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer_2:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86502D50-9271-4E97-AED8-B9F2D408A544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer_2:5.00.01:*:*:*:*:*:*:*",
"matchCriteriaId": "269EA18C-C73B-42A4-926D-41D8E891859A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer_2:5.00.02:*:*:*:*:*:*:*",
"matchCriteriaId": "0D446953-7DE9-4B44-A3BD-E7F37A42203F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer_2:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2889CE0D-6C92-4D9D-82E4-5F787A81498F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer_2:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BDAE9F-F232-420E-8C9B-DF7749C2F80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer_2:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4407C0B-E515-4094-A014-60F933C6A95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:synergy_composer_2:5.20.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3114FF14-591B-4B58-AC55-98E06E7BE813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2."
},
{
"lang": "es",
"value": "Se presenta una posible escalada de privilegios remota para un usuario malicioso que posee una cuenta de OneView en OneView y Synergy Composer.\u0026#xa0;HPE ha proporcionado actualizaciones para Oneview y Synergy Composer: Actualice a la versi\u00f3n 5.5 de OneView, Composer o Composer2"
}
],
"id": "CVE-2020-7198",
"lastModified": "2024-11-21T05:36:48.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T15:15:12.097",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-25 19:15
Modified
2025-02-03 17:15
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "BA5D7ED2-08B6-478C-BC68-F9B6B84A9666",
"versionEndExcluding": "6.60.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1489D2EF-12C5-4540-A69E-326B4C41A4E3",
"versionEndExcluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules"
}
],
"id": "CVE-2023-28089",
"lastModified": "2025-02-03T17:15:13.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-25T19:15:10.927",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-23 17:15
Modified
2025-05-30 15:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
HPE OneView may allow command injection with local privilege escalation.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:oneview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "215E0DEB-49E1-40B3-9790-F4C60065505B",
"versionEndExcluding": "8.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HPE OneView may allow command injection with local privilege escalation."
},
{
"lang": "es",
"value": "HPE OneView puede permitir la inyecci\u00f3n de comandos con escalada de privilegios local."
}
],
"id": "CVE-2023-50274",
"lastModified": "2025-05-30T15:15:25.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-alert@hpe.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-23T17:15:09.597",
"references": [
{
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"sourceIdentifier": "security-alert@hpe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2020-7198 (GCVE-0-2020-7198)
Vulnerability from cvelistv5
Published
2020-11-06 14:14
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote escalation of privilege
Summary
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HP OneView; HPE Synergy Composer; HPE Synergy Composer 2 |
Version: 5.0, 5.00.01, 5.00.02, 5.2, 5.20.01, 5.3, 5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HP OneView; HPE Synergy Composer; HPE Synergy Composer 2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.0, 5.00.01, 5.00.02, 5.2, 5.20.01, 5.3, 5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T14:14:04",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP OneView; HPE Synergy Composer; HPE Synergy Composer 2",
"version": {
"version_data": [
{
"version_value": "5.0, 5.00.01, 5.00.02, 5.2, 5.20.01, 5.3, 5.4"
},
{
"version_value": "5.0, 5.00.01, 5.00.02, 5.2, 5.20.01, 5.3, 5.4"
},
{
"version_value": "5.0, 5.00.01, 5.00.02, 5.2, 5.20.01, 5.3, 5.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7198",
"datePublished": "2020-11-06T14:14:04",
"dateReserved": "2020-01-16T00:00:00",
"dateUpdated": "2024-08-04T09:25:48.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2602 (GCVE-0-2014-2602)
Vulnerability from cvelistv5
Published
2014-05-08 10:00
Modified
2024-08-06 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBGN03034",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
},
{
"name": "SSRT101496",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-08T07:57:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBGN03034",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
},
{
"name": "SSRT101496",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-2602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBGN03034",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
},
{
"name": "SSRT101496",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2014-2602",
"datePublished": "2014-05-08T10:00:00",
"dateReserved": "2014-03-24T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50275 (GCVE-0-2023-50275)
Vulnerability from cvelistv5
Published
2024-01-23 17:09
Modified
2025-06-20 18:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HPE OneView |
Version: 0 < 8.70 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T18:31:58.163581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T18:53:32.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThan": "8.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HPE OneView may allow clusterService Authentication Bypass resulting in denial of service."
}
],
"value": "HPE OneView may allow clusterService Authentication Bypass resulting in denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T17:10:14.116Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-50275",
"datePublished": "2024-01-23T17:09:52.902Z",
"dateReserved": "2023-12-06T14:22:26.840Z",
"dateUpdated": "2025-06-20T18:53:32.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28088 (GCVE-0-2023-28088)
Vulnerability from cvelistv5
Published
2023-04-25 18:43
Modified
2025-02-03 17:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An HPE OneView appliance dump may expose SAN switch administrative credentials
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 0 ≤ Version: 0 < 6.60.04 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:07:33.720226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:08:10.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.60.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose SAN switch administrative credentials"
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T19:05:03.640Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28088",
"datePublished": "2023-04-25T18:43:01.040Z",
"dateReserved": "2023-03-10T14:47:44.212Z",
"dateUpdated": "2025-02-03T17:08:10.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30909 (GCVE-0-2023-30909)
Vulnerability from cvelistv5
Published
2023-09-14 14:56
Modified
2024-10-28 19:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A remote authentication bypass issue exists in some
OneView APIs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04538en_us"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hpe:oneview:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oneview",
"vendor": "hpe",
"versions": [
{
"lessThan": "6.60.05",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.00.00"
},
{
"status": "affected",
"version": "7.10.00"
},
{
"status": "affected",
"version": "7.20.00"
},
{
"status": "affected",
"version": "8.00.00"
},
{
"status": "affected",
"version": "8.10.00"
},
{
"status": "affected",
"version": "8.20.00"
},
{
"status": "affected",
"version": "8.30.00"
},
{
"status": "affected",
"version": "8.40.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:hpe:oneview_global_dashboard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oneview_global_dashboard",
"vendor": "hpe",
"versions": [
{
"lessThan": "2.81",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:38:32.503815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T19:07:11.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "8.30.01",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA remote authentication bypass issue exists in some\nOneView APIs.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "A remote authentication bypass issue exists in some\nOneView APIs.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-14T14:56:46.865Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04538en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30909",
"datePublished": "2023-09-14T14:56:34.484Z",
"dateReserved": "2023-04-20T16:58:53.926Z",
"dateUpdated": "2024-10-28T19:07:11.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28616 (GCVE-0-2022-28616)
Vulnerability from cvelistv5
Published
2022-05-17 20:04
Modified
2024-08-03 05:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote server-side request forgery (ssrf)
Summary
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote server-side request forgery (ssrf)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T20:04:17",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote server-side request forgery (ssrf)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28616",
"datePublished": "2022-05-17T20:04:17",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23700 (GCVE-0-2022-23700)
Vulnerability from cvelistv5
Published
2022-04-04 19:45
Modified
2024-08-03 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- local unauthorized read access to files
Summary
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 6.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local unauthorized read access to files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:42",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 6.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local unauthorized read access to files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23700",
"datePublished": "2022-04-04T19:45:42",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50274 (GCVE-0-2023-50274)
Vulnerability from cvelistv5
Published
2024-01-23 17:02
Modified
2025-05-30 14:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HPE OneView may allow command injection with local privilege escalation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HPE OneView |
Version: 0 < 8.70 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:46:47.710889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:19:09.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThan": "8.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HPE OneView may allow command injection with local privilege escalation."
}
],
"value": "HPE OneView may allow command injection with local privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T17:02:38.098Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-50274",
"datePublished": "2024-01-23T17:02:38.098Z",
"dateReserved": "2023-12-06T14:22:26.839Z",
"dateUpdated": "2025-05-30T14:19:09.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28084 (GCVE-0-2023-28084)
Vulnerability from cvelistv5
Published
2023-04-25 19:00
Modified
2025-02-03 17:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Hewlett Packard Enterprise | HPE OneView |
Version: 0 < Version: 0 < 6.60.04 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:58:51.561128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:00:17.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.60.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HPE OneView Global Dashboard",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThan": "2.72",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
}
],
"value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T19:00:24.125Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
},
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28084",
"datePublished": "2023-04-25T19:00:14.252Z",
"dateReserved": "2023-03-10T14:47:44.211Z",
"dateUpdated": "2025-02-03T17:00:17.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28086 (GCVE-0-2023-28086)
Vulnerability from cvelistv5
Published
2023-04-25 18:39
Modified
2025-02-03 17:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An HPE OneView appliance dump may expose proxy credential settings
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 0 ≤ Version: 0 < 6.60.04 LTS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:11:15.080888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:12:02.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.60.04 LTS",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose proxy credential settings"
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T19:02:17.186Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28086",
"datePublished": "2023-04-25T18:39:46.125Z",
"dateReserved": "2023-03-10T14:47:44.212Z",
"dateUpdated": "2025-02-03T17:12:02.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23706 (GCVE-0-2022-23706)
Vulnerability from cvelistv5
Published
2022-05-17 20:01
Modified
2024-08-03 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote cross-site scripting (xss)
Summary
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T20:01:57",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23706",
"datePublished": "2022-05-17T20:01:57",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30908 (GCVE-0-2023-30908)
Vulnerability from cvelistv5
Published
2023-09-07 21:28
Modified
2025-03-06 15:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A remote authentication bypass issue exists in a OneView API.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 0 ≤ Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04530en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:28:28.299306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T15:45:38.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "8.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.60.05 LTS",
"status": "affected",
"version": "0",
"versionType": "custom0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hewlett Packard Enterprise acknowledges Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative for reporting this remote authentication bypass issue (CVE-2023-30908) to security-alert@hpe.com."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA remote authentication bypass issue exists in a OneView API.\u003c/p\u003e"
}
],
"value": "A remote authentication bypass issue exists in a OneView API.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T14:47:33.519Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04530en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-30908",
"datePublished": "2023-09-07T21:28:04.779Z",
"dateReserved": "2023-04-20T16:58:53.926Z",
"dateUpdated": "2025-03-06T15:45:38.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28617 (GCVE-0-2022-28617)
Vulnerability from cvelistv5
Published
2022-05-17 19:59
Modified
2024-08-03 05:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote bypass security restrictions
Summary
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote bypass security restrictions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T19:59:15",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote bypass security restrictions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04278en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28617",
"datePublished": "2022-05-17T19:59:15",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28090 (GCVE-0-2023-28090)
Vulnerability from cvelistv5
Published
2023-04-25 18:45
Modified
2025-02-03 17:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An HPE OneView appliance dump may expose SNMPv3 read credentials
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 0 ≤ Version: 0 < 6.60.04 LTS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:01:44.714780Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:04:05.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.60.04 LTS",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose SNMPv3 read credentials"
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T19:04:07.675Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28090",
"datePublished": "2023-04-25T18:45:35.090Z",
"dateReserved": "2023-03-10T14:47:44.212Z",
"dateUpdated": "2025-02-03T17:04:05.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23697 (GCVE-0-2022-23697)
Vulnerability from cvelistv5
Published
2022-04-04 19:45
Modified
2024-08-03 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote cross-site scripting (xss)
Summary
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 6.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross-site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:39",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 6.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross-site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23697",
"datePublished": "2022-04-04T19:45:39",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6573 (GCVE-0-2023-6573)
Vulnerability from cvelistv5
Published
2024-01-23 17:13
Modified
2024-10-28 18:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HPE OneView may have a missing passphrase during restore.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise | HPE OneView |
Version: 0 < 8.70 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T18:12:46.044218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:44:09.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThan": "8.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HPE OneView may have a missing passphrase during restore."
}
],
"value": "HPE OneView may have a missing passphrase during restore."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T17:13:31.781Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04586en_us"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-6573",
"datePublished": "2024-01-23T17:13:31.781Z",
"dateReserved": "2023-12-07T11:59:13.304Z",
"dateUpdated": "2024-10-28T18:44:09.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42508 (GCVE-0-2024-42508)
Vulnerability from cvelistv5
Published
2024-10-18 15:10
Modified
2025-03-17 21:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: < 9.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-42508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:24:05.740632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T21:29:01.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "\u003c 9.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T15:10:26.609Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us\u0026docLocale=en_US"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42508",
"datePublished": "2024-10-18T15:10:26.609Z",
"dateReserved": "2024-08-02T17:04:57.632Z",
"dateUpdated": "2025-03-17T21:29:01.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23699 (GCVE-0-2022-23699)
Vulnerability from cvelistv5
Published
2022-04-04 19:45
Modified
2024-08-03 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- local authentication restriction bypass
Summary
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 6.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local authentication restriction bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:41",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 6.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local authentication restriction bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23699",
"datePublished": "2022-04-04T19:45:41",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28089 (GCVE-0-2023-28089)
Vulnerability from cvelistv5
Published
2023-04-25 18:44
Modified
2025-02-03 17:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 0 ≤ Version: 0 < 6.60.04 LTS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:05:00.658984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:06:21.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.60.04 LTS",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules"
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T19:04:39.921Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28089",
"datePublished": "2023-04-25T18:44:21.865Z",
"dateReserved": "2023-03-10T14:47:44.212Z",
"dateUpdated": "2025-02-03T17:06:21.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28087 (GCVE-0-2023-28087)
Vulnerability from cvelistv5
Published
2023-04-25 18:41
Modified
2025-02-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An HPE OneView appliance dump may expose OneView user accounts
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 0 ≤ Version: 0 < 6.60.04 LTS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:09:03.054417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:09:45.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.60.04 LTS",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HPE OneView appliance dump may expose OneView user accounts"
}
],
"providerMetadata": {
"dateUpdated": "2023-04-25T19:06:26.122Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28087",
"datePublished": "2023-04-25T18:41:15.824Z",
"dateReserved": "2023-03-10T14:47:44.212Z",
"dateUpdated": "2025-02-03T17:09:45.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28091 (GCVE-0-2023-28091)
Vulnerability from cvelistv5
Published
2023-04-14 14:04
Modified
2025-02-06 19:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView |
Version: 7.0 ≤ 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04467en_us"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:32:32.744130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T19:33:15.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "8.1",
"status": "affected",
"version": "7.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HPE OneView virtual appliance \"Migrate server hardware\" option may expose sensitive information in an HPE OneView support dump"
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T14:08:08.103Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04467en_us"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-28091",
"datePublished": "2023-04-14T14:04:35.333Z",
"dateReserved": "2023-03-10T14:47:44.212Z",
"dateUpdated": "2025-02-06T19:33:15.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28625 (GCVE-0-2022-28625)
Vulnerability from cvelistv5
Published
2022-08-31 15:59
Modified
2024-08-03 05:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- local disclosure of sensitive information
Summary
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 7.0 or 6.60.01 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04304en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 7.0 or 6.60.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T15:59:33",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04304en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-28625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 7.0 or 6.60.01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04304en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04304en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-28625",
"datePublished": "2022-08-31T15:59:33",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23698 (GCVE-0-2022-23698)
Vulnerability from cvelistv5
Published
2022-04-04 19:45
Modified
2024-08-03 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote unauthenticated disclosure of information
Summary
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HPE OneView |
Version: Prior to 6.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE OneView",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote unauthenticated disclosure of information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:40",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2022-23698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_value": "Prior to 6.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthenticated disclosure of information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn04252en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2022-23698",
"datePublished": "2022-04-04T19:45:40",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}