Command Injection Vulnerability in HPE OneView Product
CVE-2023-50274

7.8HIGH

Key Information:

Vendor: HP
Status: HPE OneView
Vendor: CVE Published:; 23 January 2024

Summary

A command injection vulnerability exists in HPE OneView that may permit attackers to execute arbitrary commands with elevated privileges on the affected system. This issue could enable unauthorized users to manipulate the server environment, impacting the integrity and security of the system. The vulnerability emphasizes the importance of maintaining updated security practices and monitoring for potential exploits within organizational infrastructures.

Affected Version(s)

HPE OneView 0 < 8.70

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Dec 6, 2023