VYPR

Integrated Lights Out Firmware

by Microfocus

CVEs (10)

  • CVE-2015-5436HigMay 11, 2017
    risk 0.49cvss 7.5epss 0.02

    A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in…

  • CVE-2014-7876Mar 31, 2015
    risk 0.01cvss epss 0.13

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

  • CVE-2013-2338Jun 14, 2013
    risk 0.01cvss epss 0.11

    Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2015-5435Sep 30, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.

  • CVE-2015-2106Mar 31, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.

  • CVE-2013-4843Nov 18, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.

  • CVE-2013-4842Nov 18, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-4805Aug 5, 2013
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.

  • CVE-2006-6608Dec 18, 2006
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."

  • CVE-2004-0525Aug 6, 2004
    risk 0.00cvss epss 0.03

    HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.