CVE-2024-42508
https://notcve.org/view.php?id=CVE-2024-42508
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us&docLocale=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-30912 – Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-30912
A remote code execution issue exists in HPE OneView. Existe un problema de ejecución remota de código en HPE OneView. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Backup functionality. The issue results from the product's use of a hard-coded cryptographic key. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-28084 – HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
https://notcve.org/view.php?id=CVE-2023-28084
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04468en_us https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us • CWE-522: Insufficiently Protected Credentials •
CVE-2023-28085
https://notcve.org/view.php?id=CVE-2023-28085
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04468en_us •
CVE-2022-37927
https://notcve.org/view.php?id=CVE-2022-37927
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04370en_us • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •