Summary
HP Integrated Lights-Out is prone to multiple vulnerabilities.
Impact
An attacker may leverage this issue to obtain sensitive information that may aid in further attacks or to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Solution
Updates are available.
Insight
HP Integrated Lights-Out is prone to a Cross Site Scripting and an Information Disclosure Vulnerability.
Affected
Versions prior to HP Integrated Lights-Out 4 1.32 and HP Integrated Lights-Out 3 1.65 are vulnerable.
Detection
Check the version of HP Integrated Lights-Out.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-4842, CVE-2013-4843 -
CVSS Base Score: 6.8
AV:N/AC:L/Au:S/C:C/I:N/A:N
Related Vulnerabilities
- Apache Subversion Module Metadata Accessible
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability