PT-2021-24340 · Hewlett Packard · Hpe Integrated Lights-Out 5+1
Published
2021-05-18
·
Updated
2022-12-13
·
CVE-2021-46846
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions:
Hewlett Packard Enterprise Integrated Lights-Out 5 (affected versions not specified)
Description:
A Cross Site Scripting (XSS) issue has been identified, along with other potential security vulnerabilities such as CR-LF injection, DOM XSS, and buffer overflow vulnerabilities. These issues affect authenticated privileged users of the iLO web interface, with the buffer overflow vulnerabilities potentially allowing a privileged user on a host OS to execute code on the iLO as a privileged user.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hpe Integrated Lights-Out 5
Hpe Ilo