PT-2021-18127 · Hewlett Packard · HPE Integrated Lights-Out 4+6
Published: 2021-05-18 · Updated: 2022-04-25
CVE-2021-29208
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.78
HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers versions prior to 2.78
HPE SimpliVity 380 Gen9 versions prior to 2.78
HPE SimpliVity 380 Gen10 versions prior to 2.78
HPE SimpliVity 2600 versions prior to 2.78
HPE SimpliVity 380 Gen10 G versions prior to 2.78
HPE SimpliVity 325 versions prior to 2.78
HPE SimpliVity 380 Gen10 H versions prior to 2.78
Description:
A remote DOM XSS and CRLF injection issue was discovered. It affects several HPE products, including HPE Integrated Lights-Out 4 and 5 and several HPE SimpliVity models.
Recommendations:
For HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.78, update to version 2.78 or later.
For HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen9 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 2600 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 G versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 325 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 H versions prior to 2.78, update to version 2.78 or later.
Fix
Special Elements Injection
XSS
Related Identifiers
Affected Products
HPE Integrated Lights-Out 4
HPE Integrated Lights-Out 5
HPE SimpliVity 2600
HPE SimpliVity 325
HPE SimpliVity 380 Gen10 H
HPE SimpliVity 380 Gen9
HPE iLO