CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28084 – HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
https://notcve.org/view.php?id=CVE-2023-28084
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04468en_us https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28085
https://notcve.org/view.php?id=CVE-2023-28085
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04468en_us •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2023-1168 – Authenticated Remote Code Execution in Aruba CX Switches
https://notcve.org/view.php?id=CVE-2023-1168
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-004.txt •
CVSS: 8.3EPSS: 0%CPEs: 162EXPL: 0CVE-2023-28083 – Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4).
https://notcve.org/view.php?id=CVE-2023-28083
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04456en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37940
https://notcve.org/view.php?id=CVE-2022-37940
Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04398en_us • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •