HPE Community
HPE OneView
1855255 Members
7185 Online
104109 Solutions
New Discussion

Oneview 6.60.05 , fix for CVE-2023-30909

 
SOLVED
Go to solution
Nico Lietz
Occasional Advisor

‎09-27-2023 03:01 AM - last edited on ‎09-27-2023 09:02 AM by

‎09-27-2023 03:01 AM - last edited on ‎09-27-2023 09:02 AM by

Oneview 6.60.05 , fix for CVE-2023-30909

Hi,

in HPESBGN04538  ( https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04538en_us )

it is stated that Oneview releases "Prior to v8.30.01" are affected.

In my understanding this means release 6.60.05 is also affected.

 

HPESBGN04530 states Release 6.60.05 has a fix for CVE-2023-30908, but none for CVE-2023-30909.

(link to bulletin https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us )

 

So i assume, Oneview 6.60.05 is currently vulnerable in regards of CVE-2023-30909.

When can we expect a Patch to fix this issue?

Thanks

Nico

0 Kudos
Reply
3 REPLIES 3
ChrisLynch
HPE Pro

‎09-27-2023 08:54 AM

‎09-27-2023 08:54 AM

Solution

Re: Oneview 6.60.05 , fix for CVE-2023-30909

So i assume, Oneview 6.60.05 is currently vulnerable in regards of CVE-2023-30909.

The CA details are a bit confusing, and we are updating it to be a bit more helpful. 

it is stated that Oneview releases "Prior to v8.30.01" are affected.

In my understanding this means release 6.60.05 is also affected.

6.60.05 contains the fixes for CVE-2023-30908 and CVE-2023-30909.  The wording "Prior to" should imply 8.30.00 and nothing before that specific release.  As we continously release OneView updates, they will include bug and security fixes along with new features (except for the 6.60.xx releases as those are only bug and security fixes.)

The current versions that address both CVE-2023-30908 and CVE-2023-30909 are:

  • 6.60.05
  • 8.30.01
  • 8.50

We are working on re-releasing 8.00.00 and 8.40.00 with 8.00.01 and 8.40.01

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Nico Lietz
Occasional Advisor

‎09-27-2023 10:03 AM

‎09-27-2023 10:03 AM

Re: Oneview 6.60.05 , fix for CVE-2023-30909

Thanks Chris for your quick response and the clarification!

I am glad it is already resolved in 6.60.05.

CU

Nico

0 Kudos
Reply
Sunitha_Mod
Honored Contributor

‎09-27-2023 09:28 PM

‎09-27-2023 09:28 PM

Re: Oneview 6.60.05 , fix for CVE-2023-30909

Hello @Nico Lietz,

That's awesome! 

We are extremely glad to know your concern has been addressed. 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.