CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6573
https://notcve.org/view.php?id=CVE-2023-6573
HPE OneView may have a missing passphrase during restore. Es posible que a HPE OneView le falte una frase de contraseña durante la restauración. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50275 – Hewlett Packard Enterprise OneView clusterService Authentication Bypass Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-50275
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. HPE OneView puede permitir la omisión de autenticación del servicio de clúster, lo que resulta en una denegación de servicio. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clusterService. The issue results from the lack of proper validation of the attacker's IP address, which results in exposure of functionality that should be available only on the loopback interface. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50274 – Hewlett Packard Enterprise OneView startUpgradeCommon Command Injection Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation. HPE OneView puede permitir la inyección de comandos con escalada de privilegios local. This vulnerability allows local attackers to escalate privileges code on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this vulnerability. The specific flaw exists within the startUpgradeCommon method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30912 – Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-30912
A remote code execution issue exists in HPE OneView. Existe un problema de ejecución remota de código en HPE OneView. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Backup functionality. The issue results from the product's use of a hard-coded cryptographic key. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30909
https://notcve.org/view.php?id=CVE-2023-30909
A remote authentication bypass issue exists in some OneView APIs. Existe un problema de omisión de autenticación remota en algunas API de OneView. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04538en_us •