Oneview
Monthly
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A remote code execution issue exists in HPE OneView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote authentication bypass issue exists in some OneView APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote authentication bypass issue exists in a OneView API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose SNMPv3 read credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose SAN switch administrative credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose OneView user accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose proxy credential settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A remote code execution issue exists in HPE OneView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote authentication bypass issue exists in some OneView APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote authentication bypass issue exists in a OneView API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose SNMPv3 read credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose SAN switch administrative credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose OneView user accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An HPE OneView appliance dump may expose proxy credential settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.