CVE Vulnerabilities

CVE-2023-28088

Insufficiently Protected Credentials

Published: Apr 25, 2023 | Modified: May 04, 2023
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An HPE OneView appliance dump may expose SAN switch administrative credentials

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Oneview Hp * 6.60.04 (excluding)
Oneview Hp * 8.2 (excluding)

Potential Mitigations

References