CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12543
https://notcve.org/view.php?id=CVE-2017-12543
A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found. Se ha encontrado una vulnerabilidad de divulgación remota de información en Moonshot Remote Console Administrator en versiones anteriores a la 2.50; iLO 4 en versiones anteriores a la v2.53, iLO3 en versiones anteriores a la v1.89 y iLO2 en versiones anteriores a la v2.30. • http://www.securityfocus.com/bid/101944 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 2CVE-2017-12542 – HPE iLO 4 < 2.53 - Add New Administrator User
https://notcve.org/view.php?id=CVE-2017-12542
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. Se ha encontrado una vulnerabilidad de omisión de autenticación y ejecución de código en HPE Integrated Lights-out 4 (iLO 4) en versiones anteriores a la 2.53. • https://www.exploit-db.com/exploits/44005 https://github.com/skelsec/CVE-2017-12542 http://www.securityfocus.com/bid/100467 http://www.securitytracker.com/id/1039222 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5436
https://notcve.org/view.php?id=CVE-2015-5436
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020. Se ha identificado una posible vulnerabilidad de seguridad con el firmware HP Integrated Lights-Out 4 (iLO 4) versión 2.11 y posterior, pero anterior a la versión 2.30. La vulnerabilidad podría explotarse a distancia, lo que daría lugar a una denegación de servicio (DoS). • https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04806165 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4406
https://notcve.org/view.php?id=CVE-2016-4406
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. Se ha identificado una vulnerabilidad remota de Cross-Site Scripting (XSS) en iLO 3 en todas las versiones anteriores a la v1.88 y HPE iLO 4 en todas las versiones anteriores a la v2.44. • http://www.securityfocus.com/bid/94426 http://www.securitytracker.com/id/1037318 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05337025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4379
https://notcve.org/view.php?id=CVE-2016-4379
The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. La implementación TLS en firmware HPE Integrated Lights-Out 3 (también conocido como iLO3) en versiones anteriores a 1.88 no utiliza adecuadamente un mecanismo de proteción MAC en conjunción con relleno CBC, lo que permite a atacantes remotos obtener información sensible a través de un ataque padding-oracle, también conocido como un ataque Vaudenay. • http://www.securityfocus.com/bid/92696 http://www.securitytracker.com/id/1036707 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05249760 https://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf • CWE-310: Cryptographic Issues •