MEDIUM · 6.1

CVE-2018-7117

A remote cross-site scripting (XSS) vulnerability was identified in the web user interface of HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, in versions earlier than v1.40.


CVSS Score

6.1 (MEDIUM)

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
Hp | Integrated Lights-Out 5 Firmware | < 1.40
Hp | Proliant Bl460C Gen10 | -
Hp | Proliant Dl120 Gen10 | -
Hp | Proliant Dl160 Gen10 | -
Hp | Proliant Dl180 Gen10 | -
Hp | Proliant Dl20 Gen10 | -
Hp | Proliant Dl325 Gen10 | -
Hp | Proliant Dl360 Gen10 | -
Hp | Proliant Dl380 Gen10 | -
Hp | Proliant Dl385 Gen10 | -
Hp | Proliant Dl560 Gen10 | -
Hp | Proliant Dl580 Gen10 | -
Hp | Proliant Microserver Gen10 | -
Hp | Proliant Ml110 Gen10 | -
Hp | Proliant Ml30 Gen10 | -
Hp | Proliant Ml350 Gen10 | -
Hp | Proliant Xl170R Gen10 | -
Hp | Proliant Xl190R Gen10 | -
Hp | Proliant Xl230K Gen10 | -
Hp | Proliant Xl450 Gen10 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-7117?

CVE-2018-7117 is a vulnerability with a CVSS score of 6.1 (MEDIUM). It is a remote cross-site scripting (XSS) vulnerability in the web user interface of HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, affecting versions earlier than v1.40.

How severe is CVE-2018-7117?

CVE-2018-7117 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2018-7117?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Integrated Lights-Out 5 Firmware, Hp Proliant Bl460C Gen10, Hp Proliant Dl120 Gen10, Hp Proliant Dl160 Gen10, Hp Proliant Dl180 Gen10.