Remote Server-Side Request Forgery Vulnerability in HPE OneView
CVE-2022-28616

9.8CRITICAL

Key Information:

Vendor: HP
Status: HP Oneview
Vendor: CVE Published:; 17 May 2022

What is CVE-2022-28616?

A remote server-side request forgery (SSRF) vulnerability has been identified in HPE OneView versions prior to 7.0. This issue allows an attacker to send unauthorized requests from the server, potentially accessing sensitive information. HPE has released updates to mitigate this vulnerability, urging users to upgrade to the latest version to ensure their systems are secure. For more details, visit the official HPE support page.

Affected Version(s)

HPE OneView Prior to 7.0

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
Apr 4, 2022