CVE-2023-30909Authentication Bypass by Capture-replay in Packard Enterprise HPE Oneview

CWE-294Authentication Bypass by Capture-replayCWE-288Authentication Bypass Using an Alternate Path or Channel3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
5.0%
top 10.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hewlett Packard Enterprise HPE OneviewHP Oneview
Timeline
PublishedSep 14

Description

A remote authentication bypass issue exists in some OneView APIs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDhp/oneview< 8.30.01

🔴Vulnerability Details

2
GHSA
GHSA-php2-3gv6-62rw: A remote authentication bypass issue exists in some OneView APIs2023-09-14
CVEList
CVE-2023-30909: A remote authentication bypass issue exists in some OneView APIs2023-09-14
CVE-2023-30909 — CRITICAL severity | cvebase