Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Oneview
(Hp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-25 | CVE-2023-28089 | An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | Oneview | 7.1 | ||
| 2023-04-25 | CVE-2023-28090 | An HPE OneView appliance dump may expose SNMPv3 read credentials | Oneview | 5.5 | ||
| 2023-04-14 | CVE-2023-28091 | HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump | Oneview | 5.5 | ||
| 2022-08-31 | CVE-2022-28625 | A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. | Oneview | 5.5 | ||
| 2022-05-17 | CVE-2022-28616 | A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | Oneview | 9.8 | ||
| 2022-05-17 | CVE-2022-23706 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | Oneview | 6.1 | ||
| 2022-04-04 | CVE-2022-23698 | A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | Oneview | 7.5 | ||
| 2022-04-04 | CVE-2022-23697 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | Oneview | 6.1 | ||
| 2020-11-06 | CVE-2020-7198 | There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. | Oneview, Synergy_composer, Synergy_composer_2 | 8.8 | ||
| 2014-05-08 | CVE-2014-2602 | Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. | Oneview | N/A |