There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
2020-11-06T15:15:12.097
2024-11-21T05:36:48.797
Modified
CVSSv3.1: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | hp | oneview | 5.0 | Yes |
| Application | hp | oneview | 5.00.01 | Yes |
| Application | hp | oneview | 5.00.02 | Yes |
| Application | hp | oneview | 5.2 | Yes |
| Application | hp | oneview | 5.3 | Yes |
| Application | hp | oneview | 5.4 | Yes |
| Application | hp | oneview | 5.20.01 | Yes |
| Application | hp | synergy_composer | 5.0 | Yes |
| Application | hp | synergy_composer | 5.00.01 | Yes |
| Application | hp | synergy_composer | 5.00.02 | Yes |
| Application | hp | synergy_composer | 5.2 | Yes |
| Application | hp | synergy_composer | 5.3 | Yes |
| Application | hp | synergy_composer | 5.4 | Yes |
| Application | hp | synergy_composer | 5.20.01 | Yes |
| Application | hp | synergy_composer_2 | 5.0 | Yes |
| Application | hp | synergy_composer_2 | 5.00.01 | Yes |
| Application | hp | synergy_composer_2 | 5.00.02 | Yes |
| Application | hp | synergy_composer_2 | 5.2 | Yes |
| Application | hp | synergy_composer_2 | 5.3 | Yes |
| Application | hp | synergy_composer_2 | 5.4 | Yes |
| Application | hp | synergy_composer_2 | 5.20.01 | Yes |