Vulnerabilities > CVE-2013-4843 - Unspecified vulnerability in HP products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN hp
nessus
Summary
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.
Vulnerable Configurations
Nessus
NASL family CGI abuses NASL id ILO_1_32__1_65.NASL description According to its version number, the remote HP Integrated Lights-Out (iLO) server is affected by the following vulnerabilities : - An unspecified error exists that could allow cross- site scripting attacks. (CVE-2013-4842 / SSRT101323) - An unspecified error exists that could allow an attacker to obtain sensitive information. (CVE-2013-4843 / SSRT101326) last seen 2020-06-01 modified 2020-06-02 plugin id 71494 published 2013-12-17 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71494 title iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities NASL family CGI abuses NASL id ILO_HPSBHF_02939.NASL description According to its version number, the firmware of Integrated Lights-Out running on the remote web server is iLO 3 prior to 1.65 or iLO 4 prior to 1.32. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 122188 published 2019-02-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122188 title iLO 3 < 1.65 / iLO 4 < 1.32 Multiple Vulnerabilities