PT-2022-19113 · Hewlett Packard · Hpe Oneview
Published
2022-08-31
·
Updated
2022-09-07
·
CVE-2022-28625
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HPE OneView versions prior to 7.0
HPE OneView version 6.60.01
Description
A local disclosure of sensitive information issue was discovered. It allows a low privileged user to locally exploit the issue and disclose sensitive information, resulting in a complete loss of confidentiality, integrity, and availability. To exploit this issue, HPE OneView must be configured with credential access to external repositories.
Recommendations
For HPE OneView versions prior to 7.0, update to version 7.0 or later to resolve the issue.
For HPE OneView version 6.60.01, update to a version later than 6.60.01 to resolve the issue.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hpe Oneview