Local Unauthorized File Access Vulnerability in HPE OneView
CVE-2022-23700

5.5MEDIUM

Key Information:

Vendor: HP
Status: HP Oneview
Vendor: CVE Published:; 4 April 2022

Summary

A vulnerability has been identified in HPE OneView that allows unauthorized local users to gain access to sensitive files. This issue exists in versions prior to 6.6, and it has the potential to expose critical data. HPE has addressed this security concern by providing an updated software version, which is recommended for users to install in order to protect their systems from potential exploitation. For further details, please refer to the official HPE support documentation.

Affected Version(s)

HPE OneView Prior to 6.6

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2022
Vulnerability Reserved
Jan 19, 2022