6 results (0.010 seconds)

CVSS: 5.5EPSS: 0%CPEs: 205EXPL: 0

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. • http://www.securitytracker.com/id/1041984 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. En Apache JMeter 2.X y 3.X, al emplear solo Distributed Test (basado en RMI), el servidor jmeter enlaza el registro RMI al host de caracteres comodín. Esto podría permitir que un atacante obtenga acceso a JMeterEngine y envíe código no autorizado. • https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03797en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03797en_us •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. Se ha encontrado una vulnerabilidad de divulgación remota de información en Moonshot Remote Console Administrator en versiones anteriores a la 2.50; iLO 4 en versiones anteriores a la v2.53, iLO3 en versiones anteriores a la v1.89 y iLO2 en versiones anteriores a la v2.30. • http://www.securityfocus.com/bid/101944 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.4EPSS: 1%CPEs: 3EXPL: 0

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. Vulnerabilidad no especificada en el firmware HP Integrated Lights-Out (iLO) 2 anterior a 2.27, 3 anterior a 1.82, y 4 anterior a 2.10 permite a atacantes remotos evadir las restricciones de acceso o causar una denegación de servicio a través de vectores desconocidos. • http://www.securityfocus.com/bid/73324 http://www.securitytracker.com/id/1031974 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582368 •

CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 0

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. Vulnerabilidad no especificada en el firmware HP Integrated Lights-Out (iLO) 2 anterior a 2.27 y 4 anterior a 2.03 y el firmware iLO Chassis Management (CM) anterior a 1.30 permite a atacantes remotos ganar privilegios, ejecutar código arbitrario o causar una denegación de servicio a través de vectores desconocidos. • http://www.securitytracker.com/id/1031972 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04486432 •