Lucene search

HpeCVELIST:CVE-2023-50275

HistoryJan 23, 2024 - 5:09 p.m.

CVE-2023-50275

2024-01-2317:09:52

hpe

www.cve.org

hpe oneview

clusterservice

authentication bypass

cve-2023-50275

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.2%

JSON

HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HPE OneView",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "lessThan": "8.70",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04586en_us

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for CVELIST:CVE-2023-50275