A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4).
References
Link | Resource |
---|---|
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04249en_us | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Mar 2022, 16:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04249en_us - Vendor Advisory | |
First Time |
Hpe
Hpe integrated Lights-out Hpe integrated Lights-out 4 |
|
CWE | CWE-74 | |
CPE | cpe:2.3:o:hpe:integrated_lights-out:*:*:*:*:*:*:*:* cpe:2.3:h:hpe:integrated_lights-out_4:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
24 Feb 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-24 22:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-23701
Mitre link : CVE-2022-23701
CVE.ORG link : CVE-2022-23701
JSON object : View
Products Affected
hpe
- integrated_lights-out_4
- integrated_lights-out
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')