https://community.hpe.com/t5/hpe-oneview/oneview-for-vcenter-security-vulnerability/m-p/7208944#M9068 <P>Hi,</P><P>I think its more to do with VMware or Qualys, rather than OneView.</P><P>Have you consulted VMware or Qualys regarding this issue?<BR /><A href="https://success.qualys.com/support/s/article/000006279" target="_blank">https://success.qualys.com/support/s/article/000006279</A><BR /><A href="https://success.qualys.com/support/s/article/000006387" target="_blank">https://success.qualys.com/support/s/article/000006387</A><BR /><A href="https://success.qualys.com/discussions/s/question/0D52L00004To0WSSAZ/how-does-one-resolve-qid11827-http-security-header-not-detected-for-vmware-esxi-670-build-16075168" target="_blank">https://success.qualys.com/discussions/s/question/0D52L00004To0WSSAZ/how-does-one-resolve-qid11827-http-security-header-not-detected-for-vmware-esxi-670-build-16075168</A></P><P>Thank You!<BR />I work with HPE but opinions expressed here are mine.</P> Thu, 14 Mar 2024 11:14:47 GMT Suman_1978 2024-03-14T11:14:47Z https://community.hpe.com/t5/hpe-oneview/oneview-for-vcenter-security-vulnerability/m-p/7208745#M9066 <P>The OneView for vCenter instance for my customer was flagged during a Qualys security scan for the following.</P><P><STRONG>Qualys QID: 11827 HTTP Security Header not detected. </STRONG></P><P>Has anyone seen that before and know how to fix the vulnerability?</P><P>They are using version 11.4</P><P>&nbsp;</P><P>Thanks in advance</P> Tue, 12 Mar 2024 17:38:36 GMT https://community.hpe.com/t5/hpe-oneview/oneview-for-vcenter-security-vulnerability/m-p/7208745#M9066 msobers22 2024-03-12T17:38:36Z https://community.hpe.com/t5/hpe-oneview/oneview-for-vcenter-security-vulnerability/m-p/7208944#M9068 <P>Hi,</P><P>I think its more to do with VMware or Qualys, rather than OneView.</P><P>Have you consulted VMware or Qualys regarding this issue?<BR /><A href="https://success.qualys.com/support/s/article/000006279" target="_blank">https://success.qualys.com/support/s/article/000006279</A><BR /><A href="https://success.qualys.com/support/s/article/000006387" target="_blank">https://success.qualys.com/support/s/article/000006387</A><BR /><A href="https://success.qualys.com/discussions/s/question/0D52L00004To0WSSAZ/how-does-one-resolve-qid11827-http-security-header-not-detected-for-vmware-esxi-670-build-16075168" target="_blank">https://success.qualys.com/discussions/s/question/0D52L00004To0WSSAZ/how-does-one-resolve-qid11827-http-security-header-not-detected-for-vmware-esxi-670-build-16075168</A></P><P>Thank You!<BR />I work with HPE but opinions expressed here are mine.</P> Thu, 14 Mar 2024 11:14:47 GMT https://community.hpe.com/t5/hpe-oneview/oneview-for-vcenter-security-vulnerability/m-p/7208944#M9068 Suman_1978 2024-03-14T11:14:47Z https://community.hpe.com/t5/hpe-oneview/oneview-for-vcenter-security-vulnerability/m-p/7209561#M9085 <P>If Qualys reports this for OV4VC its clearly and OV4VC or Qualys issue. But why should this be a&nbsp;<SPAN>VMware&nbsp;issue?</SPAN></P> Tue, 19 Mar 2024 14:56:51 GMT https://community.hpe.com/t5/hpe-oneview/oneview-for-vcenter-security-vulnerability/m-p/7209561#M9085 pirx 2024-03-19T14:56:51Z