| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. |
| HPE OneView may allow command injection with local privilege escalation. |
| Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. |
| This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. |
| HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. |
| A remote authentication bypass issue exists in a OneView API.
|
| HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump |
| An HPE OneView appliance dump may expose OneView user accounts |
| An HPE OneView appliance dump may expose proxy credential settings |
| An HPE OneView appliance dump may expose SNMPv3 read credentials |
| An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules |
| An HPE OneView appliance dump may expose SAN switch administrative credentials |
| HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens |
| HPE OneView may have a missing passphrase during restore. |
| A remote authentication bypass issue exists in some
OneView APIs.
|
| A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
