Integrated Lights Out 4 Firmware
by Microfocus
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4375 |  | Critical | 0.64 | 9.8 | 0.03 |  | Sep 8, 2016 | Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive… |
| CVE-2019-11982 |  | High | 0.54 | 8.3 | 0.02 |  | Jun 5, 2019 | A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. |
| CVE-2019-11983 |  | High | 0.46 | 7.0 | 0.01 |  | Jun 5, 2019 | A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. |
| CVE-2018-7113 |  | Medium | 0.43 | 6.6 | 0.01 |  | Dec 3, 2018 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates. |
| CVE-2018-7112 |  | Medium | 0.36 | 5.5 | 0.01 |  | Dec 3, 2018 | The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system… |
| CVE-2020-7202 |  | Medium | 0.35 | 5.3 | 0.01 |  | Jan 5, 2021 | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information. |
| CVE-2013-4784 |  |  | 0.04 | — | 0.50 |  | Jul 8, 2013 | The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. |
| CVE-2014-7876 |  |  | 0.01 | — | 0.13 |  | Mar 31, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. |
| CVE-2013-2338 |  |  | 0.01 | — | 0.11 |  | Jun 14, 2013 | Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2015-5435 |  |  | 0.00 | — | 0.02 |  | Sep 30, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. |
| CVE-2015-2106 |  |  | 0.00 | — | 0.04 |  | Mar 31, 2015 | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. |
| CVE-2014-2601 |  |  | 0.00 | — | 0.04 |  | Apr 24, 2014 | The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. |
| CVE-2013-4843 |  |  | 0.00 | — | 0.02 |  | Nov 18, 2013 | Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. |
| CVE-2013-4842 |  |  | 0.00 | — | 0.02 |  | Nov 18, 2013 | Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-3271 |  |  | 0.00 | — | 0.05 |  | Nov 29, 2012 | Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors. |