CVE-2023-28083 - Vulnerability Details

- Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4).

Description

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

Published: 2023-03-20

Score: 8.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HPE

Integrated Lights-Out

affected

Version	Status	Constraints
`Integrated Lights-Out 6 (iLO 6)`	affected	< 1.20
`Integrated Lights-Out 5 (iLO 5)`	affected	< 2.78
`Integrated Lights-Out 4 (iLO 4)`	affected	< 2.82

Configuration 1 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_4:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hpe:apollo_4200_gen9_server:-:::::::*
	cpe:2.3:h:hpe:apollo_r2000_chassis:-:::::::*
	cpe:2.3:h:hpe:proliant_bl420c_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_bl460c_gen8_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_bl460c_gen9_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_bl465c_gen8_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_bl660c_gen8_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_bl660c_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl120_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl160_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl160_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl180_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl20_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl320e_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl320e_gen8_v2_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl360_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl360e_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl360p_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl380_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl380e_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl380p_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl385p_gen8_\(amd\):-:::::::*
	cpe:2.3:h:hpe:proliant_dl560_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl560_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl580_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl580_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl60_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl80_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_microserver_gen8:-:::::::*
	cpe:2.3:h:hpe:proliant_ml110_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml30_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml310e_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml310e_gen8_v2_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml350_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml350e_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml350e_gen8_v2_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml350p_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_sl210t_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_sl230s_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_sl250s_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_sl270s_gen8_se_server:-:::::::*
	cpe:2.3:h:hpe:proliant_sl270s_gen8_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ws460c_gen8_graphics_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_ws460c_gen9_graphics_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_xl170r_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl190r_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl220a_gen8_v2_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl230a_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl230b_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl250a_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl270d_gen9_special_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl450_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl730f_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl740f_gen9_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl750f_gen9_server:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1430_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1440_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1450_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1530_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1540_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1550_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1630_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1640_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1650_expanded_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1650_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1830_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1840_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1850_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_3830_gateway_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_3830_gateway_storage_blade:-:::::::*
cpe:2.3:h:hpe:storeeasy_3840_gateway_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_3840_gateway_storage_blade:-:::::::*
cpe:2.3:h:hpe:storeeasy_3850_gateway_single_node_upgrade:-:::::::*
cpe:2.3:h:hpe:storeeasy_3850_gateway_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_3850_gateway_storage_blade:-:::::::*
cpe:2.3:h:hpe:storevirtual_3000_file_controller:-:::::::*
cpe:2.3:h:hpe:synergy_480_gen9_compute_module:-:::::::*
cpe:2.3:h:hpe:synergy_620_gen9_compute_module:-:::::::*
cpe:2.3:h:hpe:synergy_660_gen9_compute_module:-:::::::*
cpe:2.3:h:hpe:synergy_680_gen9_compute_module:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_5:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hpe:apollo_4200_gen10_plus_system:-:::::::*
	cpe:2.3:h:hpe:apollo_4200_gen10_server:-:::::::*
	cpe:2.3:h:hpe:apollo_4510_gen10_system:-:::::::*
	cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:::::::*
	cpe:2.3:h:hpe:apollo_6500_gen10_system:-:::::::*
	cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:::::::*
	cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:::::::*
	cpe:2.3:h:hpe:apollo_r2200_gen10:-:::::::*
	cpe:2.3:h:hpe:apollo_r2600_gen10:-:::::::*
	cpe:2.3:h:hpe:apollo_r2800_gen10:-:::::::*
	cpe:2.3:h:hpe:edgeline_e920_server_blade:-:::::::*
	cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:::::::*
	cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx170r_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx190r_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx220n_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx325_gen10_plus_v2_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx360_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx360_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx380_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx380_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx385_gen10_plus_v2_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx4200_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dx560_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_e910_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_e910t_server_blade:-:::::::*
	cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:::::::*
	cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:::::::*
	cpe:2.3:h:hpe:storage_file_controller:-:::::::*
	cpe:2.3:h:hpe:storage_performance_file_controller:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1460_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1560_storage:-:::::::*
	cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1660_performance_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1660_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1860_performance_storage:-:::::::*
cpe:2.3:h:hpe:storeeasy_1860_storage:-:::::::*
cpe:2.3:h:hpe:synergy_480_gen10_compute_module:-:::::::*
cpe:2.3:h:hpe:synergy_480_gen10_plus_compute_module:-:::::::*
cpe:2.3:h:hpe:synergy_660_gen10_compute_module:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:hp:integrated_lights-out_6:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hpe:proliant_dl320_gen11_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl325_gen11_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl345_gen11_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl360_gen11_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl365_gen11_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl380_gen11_server:-:::::::*
	cpe:2.3:h:hpe:proliant_dl385_gen11_server:-:::::::*
	cpe:2.3:h:hpe:proliant_ml350_gen11_server:-:::::::*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-31808	A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00242.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04456en_us

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Hp Integrated Lights-out 4 Integrated Lights-out 5 Integrated Lights-out 6

Hpe Apollo 4200 Gen10 Plus System Apollo 4200 Gen10 Server Apollo 4200 Gen9 Server Apollo 4510 Gen10 System Apollo 6500 Gen10 Plus System Apollo 6500 Gen10 System Apollo N2600 Gen10 Plus Apollo N2800 Gen10 Plus Apollo R2000 Chassis Apollo R2200 Gen10 Apollo R2600 Gen10 Apollo R2800 Gen10 Edgeline E920 Server Blade Edgeline E920d Server Blade Edgeline E920t Server Blade Proliant Bl420c Gen8 Server Proliant Bl460c Gen10 Server Blade Proliant Bl460c Gen8 Server Blade Proliant Bl460c Gen9 Server Blade Proliant Bl465c Gen8 Server Blade Proliant Bl660c Gen8 Server Blade Proliant Bl660c Gen9 Server Proliant Dl120 Gen10 Server Proliant Dl120 Gen9 Server Proliant Dl160 Gen10 Server Proliant Dl160 Gen8 Server Proliant Dl160 Gen9 Server Proliant Dl180 Gen10 Server Proliant Dl180 Gen9 Server Proliant Dl20 Gen10 Plus Server Proliant Dl20 Gen10 Server Proliant Dl20 Gen9 Server Proliant Dl320 Gen11 Server Proliant Dl320e Gen8 Server Proliant Dl320e Gen8 V2 Server Proliant Dl325 Gen10 Plus Server Proliant Dl325 Gen10 Server Proliant Dl325 Gen11 Server Proliant Dl345 Gen10 Plus Server Proliant Dl345 Gen11 Server Proliant Dl360 Gen10 Plus Server Proliant Dl360 Gen10 Server Proliant Dl360 Gen11 Server Proliant Dl360 Gen9 Server Proliant Dl360e Gen8 Server Proliant Dl360p Gen8 Server Proliant Dl365 Gen10 Plus Server Proliant Dl365 Gen11 Server Proliant Dl380 Gen10 Plus Server Proliant Dl380 Gen10 Server Proliant Dl380 Gen11 Server Proliant Dl380 Gen9 Server Proliant Dl380e Gen8 Server Proliant Dl380p Gen8 Server Proliant Dl385 Gen10 Plus Server Proliant Dl385 Gen10 Plus V2 Server Proliant Dl385 Gen10 Server Proliant Dl385 Gen11 Server Proliant Dl385p Gen8 \(amd\) Proliant Dl560 Gen10 Server Proliant Dl560 Gen8 Server Proliant Dl560 Gen9 Server Proliant Dl580 Gen10 Server Proliant Dl580 Gen8 Server Proliant Dl580 Gen9 Server Proliant Dl60 Gen9 Server Proliant Dl80 Gen9 Server Proliant Dx170r Gen10 Server Proliant Dx190r Gen10 Server Proliant Dx220n Gen10 Plus Server Proliant Dx325 Gen10 Plus V2 Server Proliant Dx360 Gen10 Plus Server Proliant Dx360 Gen10 Server Proliant Dx380 Gen10 Plus Server Proliant Dx380 Gen10 Server Proliant Dx385 Gen10 Plus Server Proliant Dx385 Gen10 Plus V2 Server Proliant Dx4200 Gen10 Server Proliant Dx560 Gen10 Server Proliant E910 Server Blade Proliant E910t Server Blade Proliant Microserver Gen8 Proliant Ml110 Gen10 Server Proliant Ml110 Gen9 Server Proliant Ml30 Gen10 Plus Server Proliant Ml30 Gen9 Server Proliant Ml310e Gen8 Server Proliant Ml310e Gen8 V2 Server Proliant Ml350 Gen10 Server Proliant Ml350 Gen11 Server Proliant Ml350 Gen9 Server Proliant Ml350e Gen8 Server Proliant Ml350e Gen8 V2 Server Proliant Ml350p Gen8 Server Proliant Sl210t Gen8 Server Proliant Sl230s Gen8 Server Proliant Sl250s Gen8 Server Proliant Sl270s Gen8 Se Server Proliant Sl270s Gen8 Server Proliant Ws460c Gen8 Graphics Server Blade Proliant Ws460c Gen9 Graphics Server Blade Proliant Xl170r Gen10 Server Proliant Xl170r Gen9 Server Proliant Xl190r Gen10 Server Proliant Xl190r Gen9 Server Proliant Xl220a Gen8 V2 Server Proliant Xl220n Gen10 Plus Server Proliant Xl225n Gen10 Plus 1u Node Proliant Xl230a Gen9 Server Proliant Xl230b Gen9 Server Proliant Xl230k Gen10 Server Proliant Xl250a Gen9 Server Proliant Xl270d Gen10 Server Proliant Xl270d Gen9 Special Server Proliant Xl290n Gen10 Plus Server Proliant Xl450 Gen10 Server Proliant Xl450 Gen9 Server Proliant Xl645d Gen10 Plus Server Proliant Xl675d Gen10 Plus Server Proliant Xl730f Gen9 Server Proliant Xl740f Gen9 Server Proliant Xl750f Gen9 Server Storage File Controller Storage Performance File Controller Storeeasy 1430 Storage Storeeasy 1440 Storage Storeeasy 1450 Storage Storeeasy 1460 Storage Storeeasy 1530 Storage Storeeasy 1540 Storage Storeeasy 1550 Storage Storeeasy 1560 Storage Storeeasy 1630 Storage Storeeasy 1640 Storage Storeeasy 1650 Expanded Storage Storeeasy 1650 Storage Storeeasy 1660 Expanded Storage Storeeasy 1660 Performance Storage Storeeasy 1660 Storage Storeeasy 1830 Storage Storeeasy 1840 Storage Storeeasy 1850 Storage Storeeasy 1860 Performance Storage Storeeasy 1860 Storage Storeeasy 3830 Gateway Storage Storeeasy 3830 Gateway Storage Blade Storeeasy 3840 Gateway Storage Storeeasy 3840 Gateway Storage Blade Storeeasy 3850 Gateway Single Node Upgrade Storeeasy 3850 Gateway Storage Storeeasy 3850 Gateway Storage Blade Storevirtual 3000 File Controller Synergy 480 Gen10 Compute Module Synergy 480 Gen10 Plus Compute Module Synergy 480 Gen9 Compute Module Synergy 620 Gen9 Compute Module Synergy 660 Gen10 Compute Module Synergy 660 Gen9 Compute Module Synergy 680 Gen9 Compute Module

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2023-03-20T12:34:16.606Z

Updated: 2025-02-26T19:17:12.354Z

Reserved: 2023-03-10T14:47:44.211Z

Link: CVE-2023-28083

Vulnrichment

Updated: 2024-08-02T12:30:23.521Z

NVD

Status : Modified

Published: 2023-03-22T06:15:10.950

Modified: 2024-11-21T07:54:22.000

Link: CVE-2023-28083

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object