hp oneview

25 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-37164
<= 10.20.00
A remote code execution issue exists in HPE OneView.
10.0 CRITICAL
CVE-2024-42508
< 9.20.00
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
5.5 MEDIUM
CVE-2023-6573
< 8.70
HPE OneView may have a missing passphrase during restore.
5.5 MEDIUM
CVE-2023-50275
< 8.70
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
7.5 HIGH
CVE-2023-50274
< 8.70
HPE OneView may allow command injection with local privilege escalation.
7.8 HIGH
CVE-2023-30912
< 8.60.00
A remote code execution issue exists in HPE OneView.
7.2 HIGH
CVE-2023-30909
< 8.30.01
A remote authentication bypass issue exists in some OneView APIs.
9.8 CRITICAL
CVE-2023-30908
< 6.60.05
A remote authentication bypass issue exists in a OneView API.
9.8 CRITICAL
CVE-2023-28084
< 6.60.04
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens.
5.5 MEDIUM
CVE-2023-28090
< 8.2
An HPE OneView appliance dump may expose SNMPv3 read credentials.
5.5 MEDIUM
CVE-2023-28089
< 8.2
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules.
7.1 HIGH
CVE-2023-28088
< 8.2
An HPE OneView appliance dump may expose SAN switch administrative credentials.
7.8 HIGH
CVE-2023-28087
< 8.2
An HPE OneView appliance dump may expose OneView user accounts.
5.5 MEDIUM
CVE-2023-28086
< 8.2
An HPE OneView appliance dump may expose proxy credential settings.
5.5 MEDIUM
CVE-2023-28091
>= 7.0 and <= 8.1
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump.
5.5 MEDIUM
CVE-2022-28625
< 6.60.01
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low
5.5 MEDIUM
CVE-2022-28616
< 7.0
A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided
9.8 CRITICAL
CVE-2022-28617
< 7.0
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a sof
9.8 CRITICAL
CVE-2022-23706
< 7.0
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a softw
6.1 MEDIUM
CVE-2022-23700
< 6.6
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a
5.5 MEDIUM
CVE-2022-23699
< 6.6
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a
7.8 HIGH
CVE-2022-23698
< 6.6
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has p
7.5 HIGH
CVE-2022-23697
< 6.6
A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a softw
6.1 MEDIUM
CVE-2020-7198
all versions
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer
8.8 HIGH
CVE-2014-2602
all versions
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin