Lucene search

K

Integrated Lights-Out 4 Security Vulnerabilities

cve
cve

CVE-2024-20906

Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights...

4.8CVSS

4.5AI Score

0.0004EPSS

2024-01-16 10:15 PM
14
cve
cve

CVE-2023-30911

HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-18 06:15 PM
16
cve
cve

CVE-2023-28083

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated...

8.3CVSS

5.4AI Score

0.0005EPSS

2023-03-22 06:15 AM
25
cve
cve

CVE-2013-2338

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown...

7.9AI Score

0.011EPSS

2022-10-03 04:15 PM
42
cve
cve

CVE-2013-4843

Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown...

5.8AI Score

0.001EPSS

2022-10-03 04:14 PM
64
4
cve
cve

CVE-2013-4842

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI Score

0.002EPSS

2022-10-03 04:14 PM
60
cve
cve

CVE-2022-28638

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise.....

7.8CVSS

7.7AI Score

0.0004EPSS

2022-09-20 09:15 PM
164
cve
cve

CVE-2022-28639

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard...

8.8CVSS

8.9AI Score

0.001EPSS

2022-09-20 09:15 PM
168
cve
cve

CVE-2022-28640

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE...

8.8CVSS

8.7AI Score

0.001EPSS

2022-09-20 09:15 PM
23
2
cve
cve

CVE-2022-28637

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware...

7.8CVSS

7.8AI Score

0.0004EPSS

2022-09-20 09:15 PM
24
2
cve
cve

CVE-2022-23704

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and...

7.5CVSS

7.5AI Score

0.006EPSS

2022-05-09 09:15 PM
62
5
cve
cve

CVE-2022-23701

A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond...

5.3CVSS

5.4AI Score

0.001EPSS

2022-02-24 10:15 PM
88
cve
cve

CVE-2021-29210

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity...

4.8CVSS

5.3AI Score

0.001EPSS

2021-05-25 03:15 PM
26
2
cve
cve

CVE-2021-29208

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity...

4.8CVSS

5.3AI Score

0.001EPSS

2021-05-25 03:15 PM
22
2
cve
cve

CVE-2021-29209

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity...

4.8CVSS

5.3AI Score

0.001EPSS

2021-05-25 03:15 PM
22
2
cve
cve

CVE-2021-29211

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H...

4.8CVSS

5.1AI Score

0.001EPSS

2021-05-25 03:15 PM
15
2
cve
cve

CVE-2021-29201

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H...

4.8CVSS

5.1AI Score

0.001EPSS

2021-05-25 02:15 PM
22
2
cve
cve

CVE-2021-29204

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H...

4.8CVSS

5.1AI Score

0.001EPSS

2021-05-25 02:15 PM
21
2
cve
cve

CVE-2021-29202

A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H....

6.7CVSS

6.6AI Score

0.0004EPSS

2021-05-25 02:15 PM
20
2
cve
cve

CVE-2021-29207

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H...

4.8CVSS

5.1AI Score

0.001EPSS

2021-05-25 02:15 PM
15
2
cve
cve

CVE-2021-29205

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H...

4.8CVSS

5.1AI Score

0.001EPSS

2021-05-25 02:15 PM
18
4
cve
cve

CVE-2021-29206

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H...

4.8CVSS

5.1AI Score

0.001EPSS

2021-05-25 02:15 PM
19
2
cve
cve

CVE-2020-7202

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other...

5.3CVSS

5.2AI Score

0.001EPSS

2021-01-05 03:15 PM
32
2
cve
cve

CVE-2019-11983

A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version...

7CVSS

7.1AI Score

0.002EPSS

2019-06-05 05:29 PM
71
cve
cve

CVE-2019-11982

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version...

8.3CVSS

7.8AI Score

0.002EPSS

2019-06-05 05:29 PM
84
cve
cve

CVE-2018-7112

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which...

5.5CVSS

5.4AI Score

0.0004EPSS

2018-12-03 03:29 PM
24
cve
cve

CVE-2018-7101

A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to...

7.5CVSS

7.5AI Score

0.002EPSS

2018-09-27 06:29 PM
66
cve
cve

CVE-2018-7105

A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of...

7.2CVSS

7.3AI Score

0.009EPSS

2018-09-27 06:29 PM
99
cve
cve

CVE-2018-7093

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of...

8.6CVSS

8.2AI Score

0.001EPSS

2018-08-14 02:29 PM
24
cve
cve

CVE-2018-7078

A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version...

7.2CVSS

7.5AI Score

0.01EPSS

2018-08-06 08:29 PM
82
cve
cve

CVE-2016-4406

A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to...

6.1CVSS

6AI Score

0.002EPSS

2018-08-06 08:29 PM
62
cve
cve

CVE-2017-12542

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was...

10CVSS

9.5AI Score

0.972EPSS

2018-02-15 10:29 PM
152
In Wild
3
cve
cve

CVE-2017-12543

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was...

6.5CVSS

6.3AI Score

0.001EPSS

2018-02-15 10:29 PM
29
cve
cve

CVE-2018-2566

Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS...

7.7CVSS

7.3AI Score

0.001EPSS

2018-01-18 02:29 AM
28
cve
cve

CVE-2018-2568

Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to....

7.3CVSS

6.5AI Score

0.001EPSS

2018-01-18 02:29 AM
27
cve
cve

CVE-2015-5436

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE.....

7.5CVSS

7.5AI Score

0.001EPSS

2017-05-11 02:29 PM
22
cve
cve

CVE-2016-4375

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or.....

9.8CVSS

9.4AI Score

0.007EPSS

2016-09-08 04:59 PM
32
4
cve
cve

CVE-2015-5435

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown...

6.4AI Score

0.003EPSS

2015-09-30 01:59 AM
57
cve
cve

CVE-2015-2106

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown...

7AI Score

0.017EPSS

2015-03-31 10:59 AM
67
cve
cve

CVE-2014-7876

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown...

7.8AI Score

0.05EPSS

2015-03-31 10:59 AM
42
cve
cve

CVE-2013-4805

Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown...

7.2AI Score

0.009EPSS

2013-08-05 01:22 PM
24
cve
cve

CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same...

5.9CVSS

5.7AI Score

0.005EPSS

2013-03-15 09:55 PM
630
cve
cve

CVE-2012-3271

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown...

6.3AI Score

0.023EPSS

2012-11-29 01:14 PM
31