Skip to main content
CVE-2016-4375 CRITICAL Act Now

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware Integrated Lights Out 4 Mrca Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-4380 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Operations Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-4381 MEDIUM PATCH This Month

HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required.

Privilege Escalation Xp7 Command View
NVD
CVSS 3.0
4.5
EPSS
0.1%
CVE-2016-4379 LOW Monitor

The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Integrated Lights Out 3 Firmware
NVD
CVSS 3.0
3.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy