Hewlett Packard Enterprise Hpe Oneview vulnerabilities
15 known vulnerabilities affecting hewlett_packard_enterprise/hpe_oneview.
Total CVEs
15
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL4HIGH4MEDIUM7
Vulnerabilities
Page 1 of 1
CVE-2025-37164P1CRITICALCVSS 9.8KEVPoCfixed in 11.002025-12-16
CVE-2025-37164 [CRITICAL] CWE-94 CVE-2025-37164: A remote code execution issue exists in HPE OneView.
A remote code execution issue exists in HPE OneView.
nvd
CVE-2023-30908P2CRITICALCVSS 9.8fixed in 8.5fixed in 6.60.05 LTS2023-09-07
CVE-2023-30908 [CRITICAL] CVE-2023-30908: A remote authentication bypass issue exists in a OneView API.
A remote authentication bypass issue exists in a OneView API.
nvd
CVE-2023-30909P2CRITICALCVSS 9.8fixed in 8.30.012023-09-14
CVE-2023-30909 [CRITICAL] CWE-294 CVE-2023-30909: A remote authentication bypass issue exists in some OneView APIs.
A remote authentication bypass issue exists in some
OneView APIs.
nvd
CVE-2023-30912P2CRITICALCVSS 9.8fixed in 8.60.002023-10-25
CVE-2023-30912 [CRITICAL] CWE-94 CVE-2023-30912: A remote code execution issue exists in HPE OneView.
A remote code execution issue exists in HPE OneView.
nvd
CVE-2023-50274P3HIGHCVSS 7.8fixed in 8.702024-01-23
CVE-2023-50274 [HIGH] CWE-77 CVE-2023-50274: HPE OneView may allow command injection with local privilege escalation.
HPE OneView may allow command injection with local privilege escalation.
nvd
CVE-2023-50275P3HIGHCVSS 7.5fixed in 8.702024-01-23
CVE-2023-50275 [HIGH] CWE-287 CVE-2023-50275: HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
nvd
CVE-2023-28088P3HIGHCVSS 7.8fixed in 8.2fixed in 6.60.042023-04-25
CVE-2023-28088 [HIGH] CWE-522 CVE-2023-28088: An HPE OneView appliance dump may expose SAN switch administrative credentials
An HPE OneView appliance dump may expose SAN switch administrative credentials
nvd
CVE-2023-28089P4HIGHCVSS 7.1fixed in 8.2fixed in 6.60.04 LTS2023-04-25
CVE-2023-28089 [HIGH] CWE-522 CVE-2023-28089: An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
nvd
CVE-2024-42508P4MEDIUMCVSS 5.5fixed in 9.202024-10-18
CVE-2024-42508 [MEDIUM] CWE-200 CVE-2024-42508: This vulnerability could be exploited, leading to unauthorized disclosure of information to authenti
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
nvd
CVE-2023-28084P4MEDIUMCVSS 5.5≤ 8.2fixed in 6.60.042023-04-25
CVE-2023-28084 [MEDIUM] CWE-522 CVE-2023-28084: HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
nvd
CVE-2023-28091P4MEDIUMCVSS 5.5≥ 7.0, ≤ 8.12023-04-14
CVE-2023-28091 [MEDIUM] CVE-2023-28091: HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in a
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump
nvd
CVE-2023-6573P4MEDIUMCVSS 5.5fixed in 8.702024-01-23
CVE-2023-6573 [MEDIUM] CWE-522 CVE-2023-6573: HPE OneView may have a missing passphrase during restore.
HPE OneView may have a missing passphrase during restore.
nvd
CVE-2023-28090P4MEDIUMCVSS 5.5fixed in 8.2fixed in 6.60.04 LTS2023-04-25
CVE-2023-28090 [MEDIUM] CWE-522 CVE-2023-28090: An HPE OneView appliance dump may expose SNMPv3 read credentials
An HPE OneView appliance dump may expose SNMPv3 read credentials
nvd
CVE-2023-28086P4MEDIUMCVSS 5.5fixed in 8.2fixed in 6.60.04 LTS2023-04-25
CVE-2023-28086 [MEDIUM] CWE-522 CVE-2023-28086: An HPE OneView appliance dump may expose proxy credential settings
An HPE OneView appliance dump may expose proxy credential settings
nvd
CVE-2023-28087P4MEDIUMCVSS 5.5fixed in 8.2fixed in 6.60.04 LTS2023-04-25
CVE-2023-28087 [MEDIUM] CWE-522 CVE-2023-28087: An HPE OneView appliance dump may expose OneView user accounts
An HPE OneView appliance dump may expose OneView user accounts
nvd