cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-6573,https://securityvulnerability.io/vulnerability/CVE-2023-6573,Missing Passphrase Vulnerability in HPE OneView,"HPE OneView contains a vulnerability that arises from the absence of a required passphrase during the restore process. This oversight could potentially expose sensitive data or allow unauthorized access to critical system functions, undermining overall security integrity. Users are encouraged to review their configurations and apply the necessary safeguards to protect their systems.",HP,HP Oneview,5.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2024-01-23T17:13:31.781Z,0
CVE-2023-30909,https://securityvulnerability.io/vulnerability/CVE-2023-30909,Remote Authentication Bypass in HPE OneView APIs,"A security vulnerability that allows an attacker to bypass authentication mechanisms in certain HPE OneView APIs, potentially leading to unauthorized access. This flaw highlights the importance of implementing robust authentication and access control measures within API services to mitigate risks and protect sensitive data.",HP,HP Oneview,9.8,CRITICAL,0.0023399998899549246,false,,false,false,false,,,false,false,,2023-09-14T15:15:00.000Z,0
CVE-2023-30908,https://securityvulnerability.io/vulnerability/CVE-2023-30908,Remote Authentication Bypass in HPE OneView API,"A significant vulnerability within the HPE OneView API allows remote attackers to bypass authentication mechanisms. This issue can lead to unauthorized access, potentially compromising sensitive data and system integrity. Organizations using HPE OneView must take immediate action to mitigate risks associated with this vulnerability to ensure the security of their environments.",HP (HP),HP Oneview,9.8,CRITICAL,0.004809999838471413,false,,false,false,false,,,false,false,,2023-09-07T22:15:00.000Z,0
CVE-2023-28084,https://securityvulnerability.io/vulnerability/CVE-2023-28084,HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens,HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens,HP,"HP Oneview,HP Oneview Global Dashboard",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T20:15:00.000Z,0
CVE-2023-28087,https://securityvulnerability.io/vulnerability/CVE-2023-28087,User Account Exposure Issue in HPE OneView Appliance,"The HPE OneView appliance has a vulnerability that can lead to the exposure of user account information through an appliance dump. This issue could allow unauthorized access to sensitive user data, raising significant security concerns for organizations utilizing HPE OneView.",HP (HP),HP Oneview,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T19:15:00.000Z,0
CVE-2023-28090,https://securityvulnerability.io/vulnerability/CVE-2023-28090,SNMPv3 Credential Exposure in HPE OneView Appliances,A vulnerability in the HPE OneView appliance allows for the dump of data that may unintentionally expose SNMPv3 read credentials. This exposure can lead to unauthorized access and should be addressed to secure the network environment. It is crucial for organizations using HPE OneView to assess their configurations and apply any necessary updates or mitigations.,HP (HP),HP Oneview,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T19:15:00.000Z,0
CVE-2023-28089,https://securityvulnerability.io/vulnerability/CVE-2023-28089,FTP Credential Exposure in HPE OneView for c7000 Interconnect Modules,"A vulnerability in HPE OneView may allow unauthorized exposure of FTP credentials stored in appliance dumps for c7000 Interconnect Modules. This could potentially enable malicious actors to gain unauthorized access, increasing the risk of data breaches. It’s crucial for users of HPE OneView to review their security practices and ensure that appliance dumps are handled securely to mitigate this risk.",HP (HP),HP Oneview,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T19:15:00.000Z,0
CVE-2023-28088,https://securityvulnerability.io/vulnerability/CVE-2023-28088,Exposed SAN Switch Administrative Credentials in HPE OneView Appliance,"A misconfiguration in the HPE OneView appliance can lead to the exposure of administrative credentials used for SAN switches. This vulnerability arises from improper handling of appliance dumps, which may inadvertently reveal sensitive credentials, potentially allowing unauthorized users to gain control over SAN infrastructure. Organizations using HPE OneView should review their configurations and secure access to sensitive dumps to mitigate risks associated with unauthorized access.",HP (HP),HP Oneview,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T19:15:00.000Z,0
CVE-2023-28086,https://securityvulnerability.io/vulnerability/CVE-2023-28086,Credential Exposure in HPE OneView Appliance Due to Configuration Dump,"The HPE OneView appliance has a vulnerability where an unguarded dump may inadvertently expose proxy credential settings, potentially allowing unauthorized access to sensitive information. This issue highlights the importance of securing application dumps and managing configuration settings to protect essential credential information from unauthorized access.",HP (HP),HP Oneview,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-25T19:15:00.000Z,0
CVE-2023-28091,https://securityvulnerability.io/vulnerability/CVE-2023-28091,Information Exposure in HPE OneView Virtual Appliance,"The HPE OneView virtual appliance includes a 'Migrate server hardware' option that could potentially leak sensitive information contained within an HPE OneView support dump. This exposure can lead to unauthorized access to critical data, posing a significant risk to user privacy and data integrity. Organizations using HPE OneView should take immediate steps to assess their configurations and implement mitigations as necessary to safeguard against potential data breaches.",HP (HP),HP Oneview,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-14T15:15:00.000Z,0
CVE-2023-28085,https://securityvulnerability.io/vulnerability/CVE-2023-28085,Credential Exposure Vulnerability in HPE OneView Global Dashboard Appliance,The HPE OneView Global Dashboard appliance has a vulnerability that may lead to the exposure of user account credentials through appliance dumps. This incident could allow unauthorized access if sensitive information is retrieved without proper safeguards. Users of the HPE OneView Global Dashboard should assess their security configurations and consider implementing additional protective measures to mitigate this risk.,HP (HP),HP Oneview Global Dashboard,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-04-14T15:15:00.000Z,0
CVE-2022-37935,https://securityvulnerability.io/vulnerability/CVE-2022-37935,Credential Disclosure Vulnerability in HPE OneView for VMware vCenter,"HPE OneView for VMware vCenter has a vulnerability that may allow an unauthorized user to access sensitive information, including the HPE OneView username and password. This exposure can lead to unauthorized access and manipulation of resources if the credentials are intercepted or disclosed. It is critical for organizations using this product to implement security measures to protect against potential exploitation.",HP,"HP Oneview For Vmware Vcenter,",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-18T01:27:45.128Z,0
CVE-2022-37927,https://securityvulnerability.io/vulnerability/CVE-2022-37927,Open Redirect Vulnerability in HPE OneView Global Dashboard,"The Open Redirect vulnerability in HPE OneView Global Dashboard allows an attacker to redirect users to untrusted external sites. This security flaw can be exploited to facilitate phishing attacks or distribute malware, as it undermines the user’s ability to identify legitimate links. Victims may unintentionally disclose sensitive information, falling prey to malicious actors. Organizations are advised to apply the necessary security updates and implement robust input validation measures to mitigate potential risks.",HP,HP Oneview Global Dashboard (ovgd),6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-12-12T13:15:00.000Z,0
CVE-2022-28625,https://securityvulnerability.io/vulnerability/CVE-2022-28625,Local Disclosure of Sensitive Information in HPE OneView,"A vulnerability allowing low privileged users to exploit HPE OneView versions prior to 7.0 and 6.60.01 has been identified. When HPE OneView is configured with credential access to external repositories, it may expose sensitive information leading to a significant loss of confidentiality, integrity, and availability. HPE recommends users update to the latest version to mitigate potential risks.",HP,HP Oneview,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-31T15:59:33.000Z,0
CVE-2022-28616,https://securityvulnerability.io/vulnerability/CVE-2022-28616,Remote Server-Side Request Forgery Vulnerability in HPE OneView,"A remote server-side request forgery (SSRF) vulnerability has been identified in HPE OneView versions prior to 7.0. This issue allows an attacker to send unauthorized requests from the server, potentially accessing sensitive information. HPE has released updates to mitigate this vulnerability, urging users to upgrade to the latest version to ensure their systems are secure. For more details, visit the official HPE support page.",HP,HP Oneview,9.8,CRITICAL,0.002529999939724803,false,,false,false,false,,,false,false,,2022-05-17T20:04:17.000Z,0
CVE-2022-23706,https://securityvulnerability.io/vulnerability/CVE-2022-23706,Remote Cross-Site Scripting Vulnerability in HPE OneView,"A remote cross-site scripting (XSS) vulnerability was found in HPE OneView, specifically in versions prior to 7.0. This flaw could allow an attacker to execute arbitrary scripts in the context of a user’s session, potentially compromising sensitive data and user interactions. HPE has released a software update to address this vulnerability, emphasizing the importance of keeping systems up-to-date to mitigate security risks.",HP,HP Oneview,6.1,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2022-05-17T20:01:57.000Z,0
CVE-2022-28617,https://securityvulnerability.io/vulnerability/CVE-2022-28617,Remote Bypass Security Restrictions in HPE OneView,"A security vulnerability allowing remote bypass of security restrictions has been identified in HPE OneView software versions earlier than 7.0. This flaw may enable unauthorized access and control over critical system functionalities. HPE has issued a software update to address this issue, ensuring that users maintain the integrity and security of their systems. It is crucial for users to apply the latest patches to safeguard against potential exploits.",HP,HP Oneview,9.8,CRITICAL,0.005539999809116125,false,,false,false,false,,,false,false,,2022-05-17T19:59:15.000Z,0
CVE-2022-23700,https://securityvulnerability.io/vulnerability/CVE-2022-23700,Local Unauthorized File Access Vulnerability in HPE OneView,"A vulnerability has been identified in HPE OneView that allows unauthorized local users to gain access to sensitive files. This issue exists in versions prior to 6.6, and it has the potential to expose critical data. HPE has addressed this security concern by providing an updated software version, which is recommended for users to install in order to protect their systems from potential exploitation. For further details, please refer to the official HPE support documentation.",HP,HP Oneview,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-04T19:45:42.000Z,0
CVE-2022-23699,https://securityvulnerability.io/vulnerability/CVE-2022-23699,Local Authentication Restriction Bypass in HPE OneView,"A local authentication restriction bypass vulnerability was identified in HPE OneView versions prior to 6.6. This flaw enables unauthorized local access to the system, thereby potentially allowing malicious users to exploit sensitive functionalities without proper credentials. To mitigate this issue, HPE has released a software update, urging users to upgrade their systems to enhance security.",HP,HP Oneview,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-04T19:45:41.000Z,0
CVE-2022-23698,https://securityvulnerability.io/vulnerability/CVE-2022-23698,Remote Unauthenticated Disclosure of Information in HPE OneView,"A remote unauthenticated information disclosure vulnerability has been identified in HPE OneView, affecting versions prior to 6.6. This vulnerability allows attackers to gain unauthorized access to sensitive data without needing valid credentials. To mitigate this risk, HPE has released a software update that addresses this issue, ensuring users can securely manage their infrastructure.",HP,HP Oneview,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2022-04-04T19:45:40.000Z,0
CVE-2022-23697,https://securityvulnerability.io/vulnerability/CVE-2022-23697,Remote Cross-Site Scripting Vulnerability in HPE OneView,"A remote cross-site scripting (XSS) vulnerability was found in HPE OneView. This flaw allows attackers to execute arbitrary scripts in the user's browser, potentially leading to data theft or unauthorized access. HPE has released a software update to mitigate this vulnerability, recommending all users to upgrade to version 6.6 or later to secure their systems.",HP,HP Oneview,6.1,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2022-04-04T19:45:39.000Z,0
CVE-2021-26585,https://securityvulnerability.io/vulnerability/CVE-2021-26585,Local Information Disclosure in HPE OneView Global Dashboard,"A vulnerability has been identified in HPE OneView Global Dashboard, specifically in release 2.31, that may result in local disclosure of privileged information. This issue can potentially expose sensitive information to unauthorized users. Hewlett Packard Enterprise has addressed this security concern in the subsequent release, version 2.32. It is imperative for users to update to the latest version to mitigate the risk associated with this vulnerability.",HP,HP Oneview Global Dashboard,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-24T11:02:24.000Z,0
CVE-2021-26584,https://securityvulnerability.io/vulnerability/CVE-2021-26584,Cross-Site Scripting Vulnerability in HPE OneView for VMware vCenter,"A security vulnerability in HPE OneView for VMware vCenter allows an attacker to exploit the system remotely through Cross-Site Scripting. This can enable malicious scripts to be executed in the context of the user’s session, potentially leading to data theft or unauthorized actions. HPE has identified this issue and released a software update to mitigate the risk associated with this vulnerability.",HP,HP Oneview For Vmware Vcenter With Operations Manager And Log Insight,6.1,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2021-06-03T10:59:53.000Z,0
CVE-2020-7198,https://securityvulnerability.io/vulnerability/CVE-2020-7198,Remote Privilege Escalation in HPE OneView and Synergy Composer,"A remote privilege escalation vulnerability exists in HPE OneView and Synergy Composer, potentially allowing a malicious user with an existing OneView account to gain unauthorized privileges. It is essential for users to update to version 5.5 or higher of OneView and Synergy Composer to mitigate this security risk. For further information, visit HPE's support page.",HP,HP Oneview; HP Synergy Composer; HP Synergy Composer 2,8.8,HIGH,0.00570000009611249,false,,false,false,false,,,false,false,,2020-11-06T14:14:04.000Z,0
CVE-2020-7130,https://securityvulnerability.io/vulnerability/CVE-2020-7130,Remote Information Disclosure Vulnerability in HPE OneView Global Dashboard,"HPE OneView Global Dashboard version 1.9 contains a vulnerability that allows for remote information disclosure. Following the installation or upgrade of this version, the appliance firewall may inadvertently leave certain ports open, which could be exploited by an unauthorized user to access sensitive data. To mitigate this risk, upgrading to OVGD version 1.91 or later is strongly advised.",HP,HP Oneview Global Dashboard,7.5,HIGH,0.005260000005364418,false,,false,false,false,,,false,false,,2020-03-04T20:21:40.000Z,0