Primary

Context

HPE OneView for VMware vCenter Vertical Privilege Escalation Vulnerability

Vulnerability

Patched

A vulnerability allowing vertical privilege escalation has been identified in HPE OneView for VMware vCenter (OV4VC) versions prior to 11.7. This issue could be exploited by an attacker with read-only privileges, allowing them to perform administrative actions.

Impact

Exploitation of this vulnerability could allow an attacker with read-only privileges to escalate their rights and perform administrative actions within the application.

Remediation

Users can upgrade to HPE OneView for VMware vCenter (OV4VC) version 11.7 or later to address this vulnerability.

Added: Jun 26, 2025, 6:19 AM

Updated: Jun 26, 2025, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HPE OneView for VMware vCenter Vertical Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

HPE OneView for VMware vCenter

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating