6.1
CVE-2018-7117
- EPSS 0.99%
- Published 09.04.2019 19:29:01
- Last modified 21.11.2024 04:11:40
- Source security-alert@hpe.com
- Teams watchlist Login
- Open Login
A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.
Data is provided by the National Vulnerability Database (NVD)
Hp ≫ Integrated Lights-out 5 Firmware Version < 1.40
Hp ≫ Proliant Bl460c Gen10 Version-
Hp ≫ Proliant Dl120 Gen10 Version-
Hp ≫ Proliant Dl160 Gen10 Version-
Hp ≫ Proliant Dl180 Gen10 Version-
Hp ≫ Proliant Dl20 Gen10 Version-
Hp ≫ Proliant Dl325 Gen10 Version-
Hp ≫ Proliant Dl360 Gen10 Version-
Hp ≫ Proliant Dl380 Gen10 Version-
Hp ≫ Proliant Dl385 Gen10 Version-
Hp ≫ Proliant Dl560 Gen10 Version-
Hp ≫ Proliant Dl580 Gen10 Version-
Hp ≫ Proliant Microserver Gen10 Version-
Hp ≫ Proliant Ml110 Gen10 Version-
Hp ≫ Proliant Ml30 Gen10 Version-
Hp ≫ Proliant Ml350 Gen10 Version-
Hp ≫ Proliant Xl170r Gen10 Version-
Hp ≫ Proliant Xl190r Gen10 Version-
Hp ≫ Proliant Xl230k Gen10 Version-
Hp ≫ Proliant Xl450 Gen10 Version-
Hp ≫ Proliant Dl120 Gen10 Version-
Hp ≫ Proliant Dl160 Gen10 Version-
Hp ≫ Proliant Dl180 Gen10 Version-
Hp ≫ Proliant Dl20 Gen10 Version-
Hp ≫ Proliant Dl325 Gen10 Version-
Hp ≫ Proliant Dl360 Gen10 Version-
Hp ≫ Proliant Dl380 Gen10 Version-
Hp ≫ Proliant Dl385 Gen10 Version-
Hp ≫ Proliant Dl560 Gen10 Version-
Hp ≫ Proliant Dl580 Gen10 Version-
Hp ≫ Proliant Microserver Gen10 Version-
Hp ≫ Proliant Ml110 Gen10 Version-
Hp ≫ Proliant Ml30 Gen10 Version-
Hp ≫ Proliant Ml350 Gen10 Version-
Hp ≫ Proliant Xl170r Gen10 Version-
Hp ≫ Proliant Xl190r Gen10 Version-
Hp ≫ Proliant Xl230k Gen10 Version-
Hp ≫ Proliant Xl450 Gen10 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.759 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.