A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. This vulnerability could be remotely exploited to allow an attacker to supply invalid input to the iLO 4 webserver, causing it to respond with a redirect to an attacker-controlled domain. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 4 (iLO 4).
Published 2022-02-24 22:15:08
Updated 2022-03-08 16:05:28
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-23701

0.07%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-23701

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:N/I:P/A:N
10.0
2.9
NIST
5.3
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.9
1.4
NIST

CWE ids for CVE-2022-23701

References for CVE-2022-23701

Products affected by CVE-2022-23701

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!