Remote Authentication Bypass in HPE OneView API
CVE-2023-30908
9.8 CRITICAL
Summary
A significant vulnerability within the HPE OneView API allows remote attackers to bypass authentication mechanisms. This issue can lead to unauthorized access, potentially compromising sensitive data and system integrity. Organizations using HPE OneView must take immediate action to mitigate risks associated with this vulnerability to ensure the security of their environments.
Affected Version(s)
HPE OneView: versions prior to 8.5
HPE OneView: versions prior to 6.60.05 LTS
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hewlett Packard Enterprise acknowledges Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative for reporting this remote authentication bypass issue (CVE-2023-30908) to [email protected].