CVE-2022-23701

Name of the Vulnerable Software and Affected Versions HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.60

Description A potential remote host header injection security issue has been identified. This issue could be remotely exploited, allowing an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain.

Recommendations For versions prior to 2.60, update the firmware to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the iLO 4 webserver until the firmware update can be applied.