HP OneView vulnerabilities

22 known vulnerabilities affecting hp/oneview.

Total CVEs: 22
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 7, MEDIUM 11

Vulnerabilities

Page 1 of 2
CVE-2023-50274 | HIGH | CVSS 7.8 | fixed in 8.70 | 2024-01-23
CWE-77: HPE OneView may allow command injection with local privilege escalation.
nvd
CVE-2023-50275 | HIGH | CVSS 7.5 | fixed in 8.70 | 2024-01-23
CWE-287: HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
nvd
CVE-2023-6573 | MEDIUM | CVSS 5.5 | fixed in 8.70 | 2024-01-23
CWE-522: HPE OneView may have a missing passphrase during restore.
nvd
CVE-2023-30909 | CRITICAL | CVSS 9.8 | fixed in 8.30.01 | 2023-09-14
CWE-294: A remote authentication bypass issue exists in some OneView APIs.
nvd
CVE-2023-30908 | CRITICAL | CVSS 9.8 | fixed in 6.60.05 | ≥ 7.0, < 8.5 | 2023-09-07
A remote authentication bypass issue exists in a OneView API.
nvd
CVE-2023-28089 | HIGH | CVSS 7.1 | fixed in 6.60.04 | fixed in 8.2 | 2023-04-25
CWE-522: An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules.
nvd
CVE-2023-28088 | HIGH | CVSS 7.8 | fixed in 6.60.04 | fixed in 8.2 | 2023-04-25
CWE-522: An HPE OneView appliance dump may expose SAN switch administrative credentials.
nvd
CVE-2023-28084 | MEDIUM | CVSS 5.5 | fixed in 6.60.04 | ≥ 7.0, < 8.2 | 2023-04-25
CWE-522: HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens.
nvd
CVE-2023-28090 | MEDIUM | CVSS 5.5 | fixed in 6.60.04 | fixed in 8.2 | 2023-04-25
CWE-522: An HPE OneView appliance dump may expose SNMPv3 read credentials.
nvd
CVE-2023-28086 | MEDIUM | CVSS 5.5 | fixed in 6.60.04 | fixed in 8.2 | 2023-04-25
CWE-522: An HPE OneView appliance dump may expose proxy credential settings.
nvd
CVE-2023-28087 | MEDIUM | CVSS 5.5 | fixed in 6.60.04 | fixed in 8.2 | 2023-04-25
CWE-522: An HPE OneView appliance dump may expose OneView user accounts.
nvd
CVE-2023-28091 | MEDIUM | CVSS 5.5 | ≥ 7.0, ≤ 8.1 | 2023-04-14
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump.
nvd
CVE-2022-28625 | MEDIUM | CVSS 5.5 | fixed in 6.60.01 | 2022-08-31
CWE-532: A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be c
nvd
CVE-2022-28616 | CRITICAL | CVSS 9.8 | fixed in 7.0 | 2022-05-17
CWE-918: A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
nvd
CVE-2022-28617 | CRITICAL | CVSS 9.8 | fixed in 7.0 | 2022-05-17
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
nvd
CVE-2022-23706 | MEDIUM | CVSS 6.1 | fixed in 7.0 | 2022-05-17
CWE-79: A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
nvd
CVE-2022-23699 | HIGH | CVSS 7.8 | fixed in 6.6 | 2022-04-04
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
nvd
CVE-2022-23698 | HIGH | CVSS 7.5 | fixed in 6.6 | 2022-04-04
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
nvd
CVE-2022-23697 | MEDIUM | CVSS 6.1 | fixed in 6.6 | 2022-04-04
CWE-79: A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
nvd
CVE-2022-23700 | MEDIUM | CVSS 5.5 | fixed in 6.6 | 2022-04-04
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
nvd