There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Oneview | Hp | 5.0 (including) | 5.0 (including) |
| Oneview | Hp | 5.00.01 (including) | 5.00.01 (including) |
| Oneview | Hp | 5.00.02 (including) | 5.00.02 (including) |
| Oneview | Hp | 5.2 (including) | 5.2 (including) |
| Oneview | Hp | 5.3 (including) | 5.3 (including) |
| Oneview | Hp | 5.4 (including) | 5.4 (including) |
| Oneview | Hp | 5.20.01 (including) | 5.20.01 (including) |
| Synergy_composer | Hp | 5.0 (including) | 5.0 (including) |
| Synergy_composer | Hp | 5.00.01 (including) | 5.00.01 (including) |
| Synergy_composer | Hp | 5.00.02 (including) | 5.00.02 (including) |
| Synergy_composer | Hp | 5.2 (including) | 5.2 (including) |
| Synergy_composer | Hp | 5.3 (including) | 5.3 (including) |
| Synergy_composer | Hp | 5.4 (including) | 5.4 (including) |
| Synergy_composer | Hp | 5.20.01 (including) | 5.20.01 (including) |
| Synergy_composer_2 | Hp | 5.0 (including) | 5.0 (including) |
| Synergy_composer_2 | Hp | 5.00.01 (including) | 5.00.01 (including) |
| Synergy_composer_2 | Hp | 5.00.02 (including) | 5.00.02 (including) |
| Synergy_composer_2 | Hp | 5.2 (including) | 5.2 (including) |
| Synergy_composer_2 | Hp | 5.3 (including) | 5.3 (including) |
| Synergy_composer_2 | Hp | 5.4 (including) | 5.4 (including) |
| Synergy_composer_2 | Hp | 5.20.01 (including) | 5.20.01 (including) |