Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for HPE OneView Global Dashboard by Hewlett Packard Enterprise

    CVE-2023-28084 (GCVE-0-2023-28084)

    Vulnerability from nvd – Published: 2023-04-25 19:00 – Updated: 2025-02-03 17:00
    VLAI
    Title
    HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
    Summary
    HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise HPE OneView Affected: 0 , ≤ 8.2 (custom)
    Affected: 0 , < 6.60.04 (custom)
    Create a notification for this product.
    Hewlett Packard Enterprise HPE OneView Global Dashboard Affected: 0 , < 2.72 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-03T16:58:51.561128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-522",
                    "description": "CWE-522 Insufficiently Protected Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-03T17:00:17.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE OneView",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "lessThanOrEqual": "8.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.60.04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HPE OneView Global Dashboard",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "lessThan": "2.72",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
                }
              ],
              "value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-25T19:00:24.125Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
            },
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-28084",
        "datePublished": "2023-04-25T19:00:14.252Z",
        "dateReserved": "2023-03-10T14:47:44.211Z",
        "dateUpdated": "2025-02-03T17:00:17.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28084 (GCVE-0-2023-28084)

    Vulnerability from cvelistv5 – Published: 2023-04-25 19:00 – Updated: 2025-02-03 17:00
    VLAI
    Title
    HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
    Summary
    HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise HPE OneView Affected: 0 , ≤ 8.2 (custom)
    Affected: 0 , < 6.60.04 (custom)
    Create a notification for this product.
    Hewlett Packard Enterprise HPE OneView Global Dashboard Affected: 0 , < 2.72 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28084",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-03T16:58:51.561128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-522",
                    "description": "CWE-522 Insufficiently Protected Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-03T17:00:17.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HPE OneView",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "lessThanOrEqual": "8.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.60.04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HPE OneView Global Dashboard",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "lessThan": "2.72",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
                }
              ],
              "value": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-25T19:00:24.125Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04468en_us"
            },
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbgn04469en_us"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2023-28084",
        "datePublished": "2023-04-25T19:00:14.252Z",
        "dateReserved": "2023-03-10T14:47:44.211Z",
        "dateUpdated": "2025-02-03T17:00:17.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }