Oneview
by Microfocus
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-37164 | | | 0.21 | — | 0.79 | KEV | Dec 16, 2025 | A remote code execution issue exists in HPE OneView. |
| CVE-2023-6573 | | | 0.00 | — | 0.00 | | Jan 23, 2024 | HPE OneView may have a missing passphrase during restore. |
| CVE-2023-50275 | | | 0.00 | — | 0.00 | | Jan 23, 2024 | HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. |
| CVE-2023-50274 | | | 0.00 | — | 0.00 | | Jan 23, 2024 | HPE OneView may allow command injection with local privilege escalation. |
| CVE-2022-28625 | | | 0.00 | — | 0.00 | | Aug 31, 2022 | A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality,… |
| CVE-2022-28616 | | | 0.00 | — | 0.00 | | May 17, 2022 | A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23706 | | | 0.00 | — | 0.01 | | May 17, 2022 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-28617 | | | 0.00 | — | 0.00 | | May 17, 2022 | A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23700 | | | 0.00 | — | 0.00 | | Apr 4, 2022 | A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23699 | | | 0.00 | — | 0.00 | | Apr 4, 2022 | A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23698 | | | 0.00 | — | 0.00 | | Apr 4, 2022 | A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2022-23697 | | | 0.00 | — | 0.00 | | Apr 4, 2022 | A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. |
| CVE-2020-7198 | | | 0.00 | — | 0.00 | | Nov 6, 2020 | There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. |
| CVE-2014-2602 | | | 0.00 | — | 0.00 | | May 8, 2014 | Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. |