CVE-2017-8987
https://notcve.org/view.php?id=CVE-2017-8987
A Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions. Se ha identificado una vulnerabilidad de denegación de servicio (DoS) remota no autenticada en HPE Integrated Lights-Out 3 (iLO 3) solo en la versión v1.88. La vulnerabilidad ha sido resuelta en iLOREST v1.89 o siguientes. • http://www.securitytracker.com/id/1040429 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03826en_us •
CVE-2017-8979
https://notcve.org/view.php?id=CVE-2017-8979
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. En Apache JMeter 2.X y 3.X, al emplear solo Distributed Test (basado en RMI), el servidor jmeter enlaza el registro RMI al host de caracteres comodín. Esto podría permitir que un atacante obtenga acceso a JMeterEngine y envíe código no autorizado. • https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03797en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03797en_us •
CVE-2017-12543
https://notcve.org/view.php?id=CVE-2017-12543
A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. Se ha encontrado una vulnerabilidad de divulgación remota de información en Moonshot Remote Console Administrator en versiones anteriores a la 2.50; iLO 4 en versiones anteriores a la v2.53, iLO3 en versiones anteriores a la v1.89 y iLO2 en versiones anteriores a la v2.30. • http://www.securityfocus.com/bid/101944 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-12542 – HPE iLO 4 < 2.53 - Add New Administrator User
https://notcve.org/view.php?id=CVE-2017-12542
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. Se ha encontrado una vulnerabilidad de omisión de autenticación y ejecución de código en HPE Integrated Lights-out 4 (iLO 4) en versiones anteriores a la 2.53. • https://www.exploit-db.com/exploits/44005 https://github.com/skelsec/CVE-2017-12542 http://www.securityfocus.com/bid/100467 http://www.securitytracker.com/id/1039222 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us •
CVE-2015-5436
https://notcve.org/view.php?id=CVE-2015-5436
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020. Se ha identificado una posible vulnerabilidad de seguridad con el firmware HP Integrated Lights-Out 4 (iLO 4) versión 2.11 y posterior, pero anterior a la versión 2.30. La vulnerabilidad podría explotarse a distancia, lo que daría lugar a una denegación de servicio (DoS). • https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165 •