CVE-2023-28089Insufficiently Protected Credentials in Packard Enterprise HPE Oneview

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 77.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hewlett Packard Enterprise HPE OneviewHP Oneview
Timeline
PublishedApr 25

Description

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDhp/oneview< 6.60.04+1

🔴Vulnerability Details

2
CVEList
CVE-2023-28089: An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules2023-04-25
GHSA
GHSA-mhqh-6m58-844q: An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules2023-04-25
CVE-2023-28089 — Insufficiently Protected Credentials | cvebase