Remote Cross-Site Scripting in HPE Integrated Lights-Out 5 for Gen10 ProLiant Servers
CVE-2018-7117

6.1 MEDIUM

Key Information:

Vendor: HP
CVE Published: 9 April 2019

Summary

A remote Cross-Site Scripting vulnerability exists in the HPE Integrated Lights-Out 5 (iLO 5) Web User Interface, affecting Gen10 ProLiant Servers running versions earlier than v1.40. This security flaw could allow remote attackers to execute arbitrary scripts in the context of the user's browser session. Therefore, users accessing the web interface could unintentionally expose sensitive information and system access to malicious entities. It is crucial for affected users to upgrade to the latest version to mitigate this security risk.

Affected Version(s)

HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: iLO5 prior to v1.40

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
