CVE-2023-30908 – Hewlett Packard Enterprise OneView resetAdminPassword Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-30908
A remote authentication bypass issue exists in a OneView API. Existe un problema de omisión de autenticación remota en una API de OneView. This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetAdminPassword endpoint. The issue results from the lack of proper validation of the attacker's IP address. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us •
CVE-2023-28084 – HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
https://notcve.org/view.php?id=CVE-2023-28084
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04468en_us https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us • CWE-522: Insufficiently Protected Credentials •
CVE-2023-28090
https://notcve.org/view.php?id=CVE-2023-28090
An HPE OneView appliance dump may expose SNMPv3 read credentials • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us • CWE-522: Insufficiently Protected Credentials •
CVE-2023-28089
https://notcve.org/view.php?id=CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us • CWE-522: Insufficiently Protected Credentials •
CVE-2023-28088
https://notcve.org/view.php?id=CVE-2023-28088
An HPE OneView appliance dump may expose SAN switch administrative credentials • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us • CWE-522: Insufficiently Protected Credentials •