An HPE OneView appliance dump may expose SAN switch administrative credentials

An HPE OneView appliance dump may expose OneView user accounts

An HPE OneView appliance dump may expose proxy credential settings

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump

An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials

HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.