HPE OneView

Oneview 6.60.05 , fix for CVE-2023-30909

 
Nico Lietz
Occasional Advisor


Hi,

In HPESBGN04538 ( https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04538en_us ) it is stated that OneView releases "Prior to v8.30.01" are affected.

In my understanding this means release 6.60.05 is also affected.

 

HPESBGN04530 states Release 6.60.05 has a fix for CVE-2023-30908, but none for CVE-2023-30909.

(link to bulletin https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us )

 

So I assume OneView 6.60.05 is currently vulnerable with regard to CVE-2023-30909.

When can we expect a patch to fix this issue?

Thanks

Nico

ChrisLynch
HPE Pro
Solution

Re: Oneview 6.60.05 , fix for CVE-2023-30909

> So I assume OneView 6.60.05 is currently vulnerable with regard to CVE-2023-30909.

The CA details are a bit confusing, and we are updating it to be a bit more helpful. 

> it is stated that OneView releases "Prior to v8.30.01" are affected.
>
> In my understanding this means release 6.60.05 is also affected.

6.60.05 contains the fixes for CVE-2023-30908 and CVE-2023-30909. The wording "Prior to" should imply 8.30.00 and nothing before that specific release. As we continuously release OneView updates, they will include bug and security fixes along with new features (except for the 6.60.xx releases, as those are only bug and security fixes).

The current versions that address both CVE-2023-30908 and CVE-2023-30909 are:

  • 6.60.05
  • 8.30.01
  • 8.50

We are working on re-releasing 8.00.00 and 8.40.00 with 8.00.01 and 8.40.01.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
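
For fleet triage, the release list in the reply above can be turned into a per-branch version check. This is an added example, not HPE code or part of the original posts; the appliance names, status labels and the optional build suffix in the version pattern are assumptions, and branches the thread does not mention are reported as not covered rather than guessed.

```python
import re

# Release data transcribed from the reply above (assumption: later patch levels
# on the same branch keep the fixes). Branches not listed are not judged.
FIXED = {(6, 60): 5, (8, 30): 1, (8, 50): 0}  # branch -> first patch level with both fixes
PENDING = {(8, 0): 1, (8, 40): 1}             # branch -> patch level announced as re-release

_VERSION = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:-\d+)?")  # build suffix is an assumption


def parse_version(text):
    """Turn '6.60.05', 'v8.30.01' or '8.50' into (major, minor, patch)."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised OneView version: {text!r}")
    major, minor, patch = m.groups(default="0")
    return int(major), int(minor), int(patch)


def classify(version):
    """Status for CVE-2023-30908 and CVE-2023-30909 according to the thread."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch in PENDING:
        # Assumes the announced re-release carries the fixes once it ships.
        return "fixed" if patch >= PENDING[branch] else "awaiting-rerelease"
    return "not-covered"  # the thread says nothing about this branch


def triage(inventory):
    """Map appliance name -> status; bad version strings do not abort the run."""
    results = {}
    for name, version in inventory.items():
        try:
            results[name] = classify(version)
        except ValueError:
            results[name] = "unparseable"
    return results


# Constructed inventory: appliance names and versions are made up for the demo.
SAMPLE = {"ov-dc1": "6.60.05", "ov-dc2": "8.30.00", "ov-lab": "8.40.00", "ov-old": "7.20.00"}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name:8} {SAMPLE[name]:9} {status}")
```
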
Nico Lietz
Occasional Advisor

Re: Oneview 6.60.05 , fix for CVE-2023-30909

Thanks Chris for your quick response and the clarification!

I am glad it is already resolved in 6.60.05.

CU

Nico

Sunitha_Mod
Honored Contributor

Re: Oneview 6.60.05 , fix for CVE-2023-30909

Hello @Nico Lietz,

That's awesome! 

We are extremely glad to know your concern has been addressed.