Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHpeCVE-2018-7117
HistoryApr 09, 2019 - 7:29 p.m.

CVE-2018-7117

2019-04-0919:29:01
CWE-79
hpe
web.nvd.nist.gov
71
cve-2018-7117
remote
cross-site scripting
xss
hpe ilo 5
web user interface
gen10 proliant servers
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.

Affected configurations

Nvd
Node
hpintegrated_lights-out_5_firmwareRange<1.40
AND
hpproliant_bl460c_gen10Match-
OR
hpproliant_dl120_gen10Match-
OR
hpproliant_dl160_gen10Match-
OR
hpproliant_dl180_gen10Match-
OR
hpproliant_dl20_gen10Match-
OR
hpproliant_dl325_gen10Match-
OR
hpproliant_dl360_gen10Match-
OR
hpproliant_dl380_gen10Match-
OR
hpproliant_dl385_gen10Match-
OR
hpproliant_dl560_gen10Match-
OR
hpproliant_dl580_gen10Match-
OR
hpproliant_microserver_gen10Match-
OR
hpproliant_ml110_gen10Match-
OR
hpproliant_ml30_gen10Match-
OR
hpproliant_ml350_gen10Match-
OR
hpproliant_xl170r_gen10Match-
OR
hpproliant_xl190r_gen10Match-
OR
hpproliant_xl230k_gen10Match-
OR
hpproliant_xl450_gen10Match-
VendorProductVersionCPE
hpintegrated_lights-out_5_firmware*cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
hpproliant_bl460c_gen10-cpe:2.3:h:hp:proliant_bl460c_gen10:-:*:*:*:*:*:*:*
hpproliant_dl120_gen10-cpe:2.3:h:hp:proliant_dl120_gen10:-:*:*:*:*:*:*:*
hpproliant_dl160_gen10-cpe:2.3:h:hp:proliant_dl160_gen10:-:*:*:*:*:*:*:*
hpproliant_dl180_gen10-cpe:2.3:h:hp:proliant_dl180_gen10:-:*:*:*:*:*:*:*
hpproliant_dl20_gen10-cpe:2.3:h:hp:proliant_dl20_gen10:-:*:*:*:*:*:*:*
hpproliant_dl325_gen10-cpe:2.3:h:hp:proliant_dl325_gen10:-:*:*:*:*:*:*:*
hpproliant_dl360_gen10-cpe:2.3:h:hp:proliant_dl360_gen10:-:*:*:*:*:*:*:*
hpproliant_dl380_gen10-cpe:2.3:h:hp:proliant_dl380_gen10:-:*:*:*:*:*:*:*
hpproliant_dl385_gen10-cpe:2.3:h:hp:proliant_dl385_gen10:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 201

CNA Affected

[
  {
    "product": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "iLO5 prior to v1.40"
      }
    ]
  }
]

Related

nessus 2
cvelist 1
prion 1
nvd 1
nessus
nessus
iLO 5 < 1.40 Cross Site Scripting (XSS) Vulnerability
2019-04-17 00:00:00
iLO 4 < 2.70 / iLO 5 < 1.40a Multiple Vulnerabilities
2019-05-23 00:00:00
cvelist
cvelist
CVE-2018-7117
2019-04-09 18:28:18
prion
prion
Cross site scripting
2019-04-09 19:29:00
nvd
nvd
CVE-2018-7117
2019-04-09 19:29:01

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON
Related for CVE-2018-7117
nessus2cvelist1prion1nvd1