Description
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04047en_us
Scores
CVSS v3
8.8
EPSS
0.0045
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (21)
hp/oneview
5.0
hp/oneview
5.00.01
hp/oneview
5.00.02
hp/oneview
5.2
hp/oneview
5.3
hp/oneview
5.4
hp/oneview
5.20.01
hp/synergy_composer
5.0
hp/synergy_composer
5.00.01
hp/synergy_composer
5.00.02
... and 11 more
Published
Nov 06, 2020
Tracked Since
Feb 18, 2026