CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29220
https://notcve.org/view.php?id=CVE-2021-29220
Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. HPE has provided a software update to resolve this vulnerability in HPE iLO Amplifier Pack. Se han identificado múltiples vulnerabilidades de seguridad de desbordamiento del búfer en HPE iLO Amplifier Pack versiones: Anteriores a 2.12. Estas vulnerabilidades podrían ser explotadas por un usuario con altos privilegios para ejecutar remotamente código que podría conllevar a una pérdida de confidencialidad, integridad y disponibilidad. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04246en_us • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29212 – Hewlett Packard Enterprise iLO Amplifier Pack backup Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-29212
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance. Se ha identificado una vulnerabilidad de seguridad de salto de directorio no autenticado en HPE iLO Amplifier Pack versiones 1.80, 1.81, 1.90 y 1.95. La vulnerabilidad podría ser explotada remotamente para permitir que un usuario no autenticado ejecute código arbitrario, conllevando un impacto completo en la confidencialidad, integridad y disponibilidad del dispositivo iLO Amplifier Pack This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise iLO Amplifier Pack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the backup endpoint. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us https://www.zerodayinitiative.com/advisories/ZDI-21-1278 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26583
https://notcve.org/view.php?id=CVE-2021-26583
A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerabilities could be remotely exploited to allow remote code execution. Se ha identificado una posible vulnerabilidad de seguridad en HPE iLO Amplifier Pack. Las vulnerabilidades podrían ser explotadas remotamente para permitir la ejecución remota de código • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04129en_us •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-7203
https://notcve.org/view.php?id=CVE-2020-7203
A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution. Se ha identificado una vulnerabilidad de seguridad potencial en la versión 1.70 del servidor HPE iLO Amplifier Pack. La vulnerabilidad podría ser explotada para permitir una ejecución de código remota • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04067en_us •