PT-2021-18124 · Hewlett Packard · Hpe Integrated Lights-Out 4+6
Published
2021-05-18
·
Updated
2021-06-02
·
CVE-2021-29205
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.78
HPE SimpliVity 380 Gen9 versions prior to 2.78
HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers versions prior to 2.78
HPE SimpliVity 380 Gen10 versions prior to 2.78
HPE SimpliVity 2600 versions prior to 2.78
HPE SimpliVity 380 Gen10 G versions prior to 2.78
HPE SimpliVity 325 versions prior to 2.78
HPE SimpliVity 380 Gen10 H versions prior to 2.78
Description:
A remote XSS vulnerability was discovered in several HPE products. This issue allows for potential exploitation.
Recommendations:
For HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen9 versions prior to 2.78, update to version 2.78 or later.
For HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 2600 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 G versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 325 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 H versions prior to 2.78, update to version 2.78 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hpe Integrated Lights-Out 4
Hpe Integrated Lights-Out 5
Hpe Simplivity 2600
Hpe Simplivity 325
Hpe Simplivity 380 Gen10 H
Hpe Simplivity 380 Gen9
Hpe Ilo