VYPR

Integrated Lights Out 4 Firmware

by Microfocus

CVEs (15)

  • CVE-2016-4375CriSep 8, 2016
    risk 0.64cvss 9.8epss 0.03

    Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive…

  • CVE-2019-11982HigJun 5, 2019
    risk 0.54cvss 8.3epss 0.02

    A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

  • CVE-2019-11983HigJun 5, 2019
    risk 0.46cvss 7.0epss 0.01

    A remote buffer overflow vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

  • CVE-2018-7113MedDec 3, 2018
    risk 0.43cvss 6.6epss 0.01

    A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.

  • CVE-2018-7112MedDec 3, 2018
    risk 0.36cvss 5.5epss 0.01

    The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system…

  • CVE-2020-7202MedJan 5, 2021
    risk 0.35cvss 5.3epss 0.01

    A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.

  • CVE-2013-4784Jul 8, 2013
    risk 0.04cvss epss 0.50

    The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

  • CVE-2014-7876Mar 31, 2015
    risk 0.01cvss epss 0.13

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

  • CVE-2013-2338Jun 14, 2013
    risk 0.01cvss epss 0.11

    Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2015-5435Sep 30, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.

  • CVE-2015-2106Mar 31, 2015
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.

  • CVE-2014-2601Apr 24, 2014
    risk 0.00cvss epss 0.04

    The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

  • CVE-2013-4843Nov 18, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.

  • CVE-2013-4842Nov 18, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-3271Nov 29, 2012
    risk 0.00cvss epss 0.05

    Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.