The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Oracle
Integrated Lights Out 3 Firmware
NVD
CVSS 3.0
3.7
EPSS
0.5%