Vulnerabilities (CVE)

Filtered by vendor Hpe Subscribe
Filtered by product Apollo 4200 Gen10 Server
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30911 1 Hpe 77 Alletra 4110, Alletra 4120, Alletra 4140 and 74 more 2024-02-28 N/A 7.5 HIGH
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.
CVE-2023-28083 2 Hp, Hpe 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more 2024-02-28 N/A 5.4 MEDIUM
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.
CVE-2021-46846 2 Hp, Hpe 45 3par Service Processor, Apollo R2000 Chassis, Integrated Lights-out 5 Firmware and 42 more 2024-02-28 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.
CVE-2022-28632 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 8.8 HIGH
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28627 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 8.4 HIGH
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28636 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 7.4 HIGH
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28631 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 8.8 HIGH
A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28630 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 7.3 HIGH
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial loss of availability. User interaction is required to exploit this vulnerability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28628 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 8.4 HIGH
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28626 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 6.7 MEDIUM
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28629 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 7.8 HIGH
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28633 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 7.3 HIGH
A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file system resulting in a complete loss of confidentiality and a partial loss of integrity and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28635 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 7.4 HIGH
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitrary code in an isolated process resulting in a complete loss of confidentiality, integrity, and availability within that process. In addition, an unprivileged user could exploit a denial of service (DoS) vulnerability in an isolated process resulting in a complete loss of availability within that process. A successful attack depends on conditions beyond the attackers control. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2022-28634 1 Hpe 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more 2024-02-28 N/A 6.7 MEDIUM
A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5).
CVE-2020-7205 1 Hpe 118 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4200 Gen9 Server and 115 more 2024-02-28 7.2 HIGH 6.7 MEDIUM
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is related to using insmod in GRUB2 in the specific impacted HPE product and HPE is addressing this issue. HPE has made the following software updates and mitigation information to resolve the vulnerability in Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. HPE provided latest Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting Toolkit which includes the GRUB2 patch to resolve this vulnerability. These new boot images will update GRUB2 and the Forbidden Signature Database (DBX). After the DBX is updated, users will not be able to boot to the older IP, SPP or Scripting ToolKit with Secure Boot enabled. HPE have provided a standalone DBX update tool to work with Microsoft Windows, and supported Linux Operating Systems. These tools can be used to update the Forbidden Signature Database (DBX) from within the OS. **Note:** This DBX update mitigates the GRUB2 issue with insmod enabled, and the "Boot Hole" issue for HPE signed GRUB2 applications.
CVE-2019-11137 2 Hpe, Intel 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more 2024-02-28 4.6 MEDIUM 8.2 HIGH
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11136 2 Hpe, Intel 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.