Skip to main content

Oneview

21 CVEs product

Monthly

CVE-2024-42508 MEDIUM This Month

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30912 CRITICAL Act Now

A remote code execution issue exists in HPE OneView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Oneview
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-30909 CRITICAL Act Now

A remote authentication bypass issue exists in some OneView APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-30908 CRITICAL Act Now

A remote authentication bypass issue exists in a OneView API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28084 MEDIUM This Month

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview Oneview Global Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28090 MEDIUM This Month

An HPE OneView appliance dump may expose SNMPv3 read credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28089 HIGH This Week

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-28088 HIGH This Week

An HPE OneView appliance dump may expose SAN switch administrative credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28087 MEDIUM This Month

An HPE OneView appliance dump may expose OneView user accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28086 MEDIUM This Month

An HPE OneView appliance dump may expose proxy credential settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28091 MEDIUM This Month

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28625 MEDIUM This Month

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28616 CRITICAL PATCH Act Now

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Oneview
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28617 CRITICAL PATCH Act Now

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-23706 MEDIUM PATCH This Month

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Oneview
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-23700 MEDIUM This Month

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23699 HIGH This Week

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23698 HIGH This Week

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-23697 MEDIUM This Month

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oneview
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7198 HIGH This Week

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Oneview Synergy Composer Synergy Composer 2
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2014-2602 MEDIUM This Month

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Oneview
NVD
CVSS 2.0
6.5
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM This Month

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A remote code execution issue exists in HPE OneView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Oneview
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A remote authentication bypass issue exists in some OneView APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A remote authentication bypass issue exists in a OneView API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview Oneview Global Dashboard
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An HPE OneView appliance dump may expose SNMPv3 read credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An HPE OneView appliance dump may expose SAN switch administrative credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An HPE OneView appliance dump may expose OneView user accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An HPE OneView appliance dump may expose proxy credential settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Oneview
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oneview
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Oneview
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oneview
NVD
EPSS 2% CVSS 8.8
HIGH This Week

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Oneview Synergy Composer +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Oneview
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy