There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Oneview | Hp | 5.0 (including) | 5.0 (including) |
| Oneview | Hp | 5.00.01 (including) | 5.00.01 (including) |
| Oneview | Hp | 5.00.02 (including) | 5.00.02 (including) |
| Oneview | Hp | 5.2 (including) | 5.2 (including) |
| Oneview | Hp | 5.3 (including) | 5.3 (including) |
| Oneview | Hp | 5.4 (including) | 5.4 (including) |
| Oneview | Hp | 5.20.01 (including) | 5.20.01 (including) |
| Synergy_composer | Hp | 5.0 (including) | 5.0 (including) |
| Synergy_composer | Hp | 5.00.01 (including) | 5.00.01 (including) |
| Synergy_composer | Hp | 5.00.02 (including) | 5.00.02 (including) |
| Synergy_composer | Hp | 5.2 (including) | 5.2 (including) |
| Synergy_composer | Hp | 5.3 (including) | 5.3 (including) |
| Synergy_composer | Hp | 5.4 (including) | 5.4 (including) |
| Synergy_composer | Hp | 5.20.01 (including) | 5.20.01 (including) |
| Synergy_composer_2 | Hp | 5.0 (including) | 5.0 (including) |
| Synergy_composer_2 | Hp | 5.00.01 (including) | 5.00.01 (including) |
| Synergy_composer_2 | Hp | 5.00.02 (including) | 5.00.02 (including) |
| Synergy_composer_2 | Hp | 5.2 (including) | 5.2 (including) |
| Synergy_composer_2 | Hp | 5.3 (including) | 5.3 (including) |
| Synergy_composer_2 | Hp | 5.4 (including) | 5.4 (including) |
| Synergy_composer_2 | Hp | 5.20.01 (including) | 5.20.01 (including) |
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf04047en_us