Mar 22, 2023 - 6:15 a.m.

CVE-2023-28083

2023-03-22 06:15:10
CWE-79
web.nvd.nist.gov
hpe, ilo, remote, xss, vulnerability, security, update, cve-2023-28083

CVSS3: 8.3 High

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

AI Score: 5.4 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.8%)

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

Affected configurations

NVD
Node
hp integrated_lights-out_4, Range <2.82
AND any one of (each Match -):
hpe apollo_4200_gen9_server
hpe apollo_r2000_chassis
hpe proliant_bl420c_gen8_server
hpe proliant_bl460c_gen8_server_blade
hpe proliant_bl460c_gen9_server_blade
hpe proliant_bl465c_gen8_server_blade
hpe proliant_bl660c_gen8_server_blade
hpe proliant_bl660c_gen9_server
hpe proliant_dl120_gen9_server
hpe proliant_dl160_gen8_server
hpe proliant_dl160_gen9_server
hpe proliant_dl180_gen9_server
hpe proliant_dl20_gen9_server
hpe proliant_dl320e_gen8_server
hpe proliant_dl320e_gen8_v2_server
hpe proliant_dl360_gen9_server
hpe proliant_dl360e_gen8_server
hpe proliant_dl360p_gen8_server
hpe proliant_dl380_gen9_server
hpe proliant_dl380e_gen8_server
hpe proliant_dl380p_gen8_server
hpe proliant_dl385p_gen8_\(amd\)
hpe proliant_dl560_gen8_server
hpe proliant_dl560_gen9_server
hpe proliant_dl580_gen8_server
hpe proliant_dl580_gen9_server
hpe proliant_dl60_gen9_server
hpe proliant_dl80_gen9_server
hpe proliant_microserver_gen8
hpe proliant_ml110_gen9_server
hpe proliant_ml30_gen9_server
hpe proliant_ml310e_gen8_server
hpe proliant_ml310e_gen8_v2_server
hpe proliant_ml350_gen9_server
hpe proliant_ml350e_gen8_server
hpe proliant_ml350e_gen8_v2_server
hpe proliant_ml350p_gen8_server
hpe proliant_sl210t_gen8_server
hpe proliant_sl230s_gen8_server
hpe proliant_sl250s_gen8_server
hpe proliant_sl270s_gen8_se_server
hpe proliant_sl270s_gen8_server
hpe proliant_ws460c_gen8_graphics_server_blade
hpe proliant_ws460c_gen9_graphics_server_blade
hpe proliant_xl170r_gen9_server
hpe proliant_xl190r_gen9_server
hpe proliant_xl220a_gen8_v2_server
hpe proliant_xl230a_gen9_server
hpe proliant_xl230b_gen9_server
hpe proliant_xl250a_gen9_server
hpe proliant_xl270d_gen9_special_server
hpe proliant_xl450_gen9_server
hpe proliant_xl730f_gen9_server
hpe proliant_xl740f_gen9_server
hpe proliant_xl750f_gen9_server
hpe storeeasy_1430_storage
hpe storeeasy_1440_storage
hpe storeeasy_1450_storage
hpe storeeasy_1530_storage
hpe storeeasy_1540_storage
hpe storeeasy_1550_storage
hpe storeeasy_1630_storage
hpe storeeasy_1640_storage
hpe storeeasy_1650_expanded_storage
hpe storeeasy_1650_storage
hpe storeeasy_1830_storage
hpe storeeasy_1840_storage
hpe storeeasy_1850_storage
hpe storeeasy_3830_gateway_storage
hpe storeeasy_3830_gateway_storage_blade
hpe storeeasy_3840_gateway_storage
hpe storeeasy_3840_gateway_storage_blade
hpe storeeasy_3850_gateway_single_node_upgrade
hpe storeeasy_3850_gateway_storage
hpe storeeasy_3850_gateway_storage_blade
hpe storevirtual_3000_file_controller
hpe synergy_480_gen9_compute_module
hpe synergy_620_gen9_compute_module
hpe synergy_660_gen9_compute_module
hpe synergy_680_gen9_compute_module

Node
hp integrated_lights-out_5, Range <2.78
AND any one of (each Match -):
hpe apollo_4200_gen10_plus_system
hpe apollo_4200_gen10_server
hpe apollo_4510_gen10_system
hpe apollo_6500_gen10_plus_system
hpe apollo_6500_gen10_system
hpe apollo_n2600_gen10_plus
hpe apollo_n2800_gen10_plus
hpe apollo_r2200_gen10
hpe apollo_r2600_gen10
hpe apollo_r2800_gen10
hpe edgeline_e920_server_blade
hpe edgeline_e920d_server_blade
hpe edgeline_e920t_server_blade
hpe proliant_bl460c_gen10_server_blade
hpe proliant_dl120_gen10_server
hpe proliant_dl160_gen10_server
hpe proliant_dl180_gen10_server
hpe proliant_dl20_gen10_plus_server
hpe proliant_dl20_gen10_server
hpe proliant_dl325_gen10_plus_server
hpe proliant_dl325_gen10_server
hpe proliant_dl345_gen10_plus_server
hpe proliant_dl360_gen10_plus_server
hpe proliant_dl360_gen10_server
hpe proliant_dl365_gen10_plus_server
hpe proliant_dl380_gen10_plus_server
hpe proliant_dl380_gen10_server
hpe proliant_dl385_gen10_plus_server
hpe proliant_dl385_gen10_plus_v2_server
hpe proliant_dl385_gen10_server
hpe proliant_dl560_gen10_server
hpe proliant_dl580_gen10_server
hpe proliant_dx170r_gen10_server
hpe proliant_dx190r_gen10_server
hpe proliant_dx220n_gen10_plus_server
hpe proliant_dx325_gen10_plus_v2_server
hpe proliant_dx360_gen10_plus_server
hpe proliant_dx360_gen10_server
hpe proliant_dx380_gen10_plus_server
hpe proliant_dx380_gen10_server
hpe proliant_dx385_gen10_plus_server
hpe proliant_dx385_gen10_plus_v2_server
hpe proliant_dx4200_gen10_server
hpe proliant_dx560_gen10_server
hpe proliant_e910_server_blade
hpe proliant_e910t_server_blade
hpe proliant_ml110_gen10_server
hpe proliant_ml30_gen10_plus_server
hpe proliant_ml350_gen10_server
hpe proliant_xl170r_gen10_server
hpe proliant_xl190r_gen10_server
hpe proliant_xl220n_gen10_plus_server
hpe proliant_xl225n_gen10_plus_1u_node
hpe proliant_xl230k_gen10_server
hpe proliant_xl270d_gen10_server
hpe proliant_xl290n_gen10_plus_server
hpe proliant_xl450_gen10_server
hpe proliant_xl645d_gen10_plus_server
hpe proliant_xl675d_gen10_plus_server
hpe storage_file_controller
hpe storage_performance_file_controller
hpe storeeasy_1460_storage
hpe storeeasy_1560_storage
hpe storeeasy_1660_expanded_storage
hpe storeeasy_1660_performance_storage
hpe storeeasy_1660_storage
hpe storeeasy_1860_performance_storage
hpe storeeasy_1860_storage
hpe synergy_480_gen10_compute_module
hpe synergy_480_gen10_plus_compute_module
hpe synergy_660_gen10_compute_module

Node
hp integrated_lights-out_6, Range <1.20
AND any one of (each Match -):
hpe proliant_dl320_gen11_server
hpe proliant_dl325_gen11_server
hpe proliant_dl345_gen11_server
hpe proliant_dl360_gen11_server
hpe proliant_dl365_gen11_server
hpe proliant_dl380_gen11_server
hpe proliant_dl385_gen11_server
hpe proliant_ml350_gen11_server

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Integrated Lights-Out",
    "vendor": "HPE",
    "versions": [
      {
        "lessThan": "1.20",
        "status": "affected",
        "version": "Integrated Lights-Out 6 (iLO 6)",
        "versionType": "1.20"
      },
      {
        "lessThan": "2.78",
        "status": "affected",
        "version": "Integrated Lights-Out 5 (iLO 5) ",
        "versionType": "2.78"
      },
      {
        "lessThan": "2.82",
        "status": "affected",
        "version": "Integrated Lights-Out 4 (iLO 4)",
        "versionType": "2.82"
      }
    ]
  }
]
