Missing Passphrase Vulnerability in HPE OneView
CVE-2023-6573

5.5MEDIUM

Key Information:

Vendor: HP
Status: HP Oneview
Vendor: CVE Published:; 23 January 2024

Summary

HPE OneView contains a vulnerability that arises from the absence of a required passphrase during the restore process. This oversight could potentially expose sensitive data or allow unauthorized access to critical system functions, undermining overall security integrity. Users are encouraged to review their configurations and apply the necessary safeguards to protect their systems.

Affected Version(s)

HPE OneView 0 < 8.70

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Dec 7, 2023