CVE-2023-6573
https://notcve.org/view.php?id=CVE-2023-6573
HPE OneView may have a missing passphrase during restore. Es posible que a HPE OneView le falte una frase de contraseña durante la restauración. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-522: Insufficiently Protected Credentials •
CVE-2023-50275 – Hewlett Packard Enterprise OneView clusterService Authentication Bypass Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-50275
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. HPE OneView puede permitir la omisión de autenticación del servicio de clúster, lo que resulta en una denegación de servicio. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterService. The issue results from the lack of proper validation of the attacker's IP address, which results in exposure of functionality that should be available only on the loopback interface. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-287: Improper Authentication •
CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation. HPE OneView puede permitir la inyección de comandos con escalada de privilegios local. This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this vulnerability. The specific flaw exists within the startUpgradeCommon method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-30909
https://notcve.org/view.php?id=CVE-2023-30909
A remote authentication bypass issue exists in some OneView APIs. Existe un problema de omisión de autenticación remota en algunas API de OneView. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04538en_us • CWE-294: Authentication Bypass by Capture-replay •
CVE-2023-30908 – Hewlett Packard Enterprise OneView resetAdminPassword Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-30908
A remote authentication bypass issue exists in a OneView API. Existe un problema de omisión de autenticación remota en una API de OneView. This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetAdminPassword endpoint. The issue results from the lack of proper validation of the attacker's IP address. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us •