Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28083

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.3, indicating it requires adjacent network access with relatively low complexity though user interaction is required requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and limited availability for affected systems. Impacting 162 products from hp, from hpe, from hpe and 159 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-03-22T06:15:10.950

Last Modified

2024-11-21T07:54:22.000

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	integrated_lights-out_4	< 2.82	Yes
Hardware	hpe	apollo_4200_gen9_server	-	No
Hardware	hpe	apollo_r2000_chassis	-	No
Hardware	hpe	proliant_bl420c_gen8_server	-	No
Hardware	hpe	proliant_bl460c_gen8_server_blade	-	No
Hardware	hpe	proliant_bl460c_gen9_server_blade	-	No
Hardware	hpe	proliant_bl465c_gen8_server_blade	-	No
Hardware	hpe	proliant_bl660c_gen8_server_blade	-	No
Hardware	hpe	proliant_bl660c_gen9_server	-	No
Hardware	hpe	proliant_dl120_gen9_server	-	No
Hardware	hpe	proliant_dl160_gen8_server	-	No
Hardware	hpe	proliant_dl160_gen9_server	-	No
Hardware	hpe	proliant_dl180_gen9_server	-	No
Hardware	hpe	proliant_dl20_gen9_server	-	No
Hardware	hpe	proliant_dl320e_gen8_server	-	No
Hardware	hpe	proliant_dl320e_gen8_v2_server	-	No
Hardware	hpe	proliant_dl360_gen9_server	-	No
Hardware	hpe	proliant_dl360e_gen8_server	-	No
Hardware	hpe	proliant_dl360p_gen8_server	-	No
Hardware	hpe	proliant_dl380_gen9_server	-	No
Hardware	hpe	proliant_dl380e_gen8_server	-	No
Hardware	hpe	proliant_dl380p_gen8_server	-	No
Hardware	hpe	proliant_dl385p_gen8_\(amd\)	-	No
Hardware	hpe	proliant_dl560_gen8_server	-	No
Hardware	hpe	proliant_dl560_gen9_server	-	No
Hardware	hpe	proliant_dl580_gen8_server	-	No
Hardware	hpe	proliant_dl580_gen9_server	-	No
Hardware	hpe	proliant_dl60_gen9_server	-	No
Hardware	hpe	proliant_dl80_gen9_server	-	No
Hardware	hpe	proliant_microserver_gen8	-	No
Hardware	hpe	proliant_ml110_gen9_server	-	No
Hardware	hpe	proliant_ml30_gen9_server	-	No
Hardware	hpe	proliant_ml310e_gen8_server	-	No
Hardware	hpe	proliant_ml310e_gen8_v2_server	-	No
Hardware	hpe	proliant_ml350_gen9_server	-	No
Hardware	hpe	proliant_ml350e_gen8_server	-	No
Hardware	hpe	proliant_ml350e_gen8_v2_server	-	No
Hardware	hpe	proliant_ml350p_gen8_server	-	No
Hardware	hpe	proliant_sl210t_gen8_server	-	No
Hardware	hpe	proliant_sl230s_gen8_server	-	No
Hardware	hpe	proliant_sl250s_gen8_server	-	No
Hardware	hpe	proliant_sl270s_gen8_se_server	-	No
Hardware	hpe	proliant_sl270s_gen8_server	-	No
Hardware	hpe	proliant_ws460c_gen8_graphics_server_blade	-	No
Hardware	hpe	proliant_ws460c_gen9_graphics_server_blade	-	No
Hardware	hpe	proliant_xl170r_gen9_server	-	No
Hardware	hpe	proliant_xl190r_gen9_server	-	No
Hardware	hpe	proliant_xl220a_gen8_v2_server	-	No
Hardware	hpe	proliant_xl230a_gen9_server	-	No
Hardware	hpe	proliant_xl230b_gen9_server	-	No
Hardware	hpe	proliant_xl250a_gen9_server	-	No
Hardware	hpe	proliant_xl270d_gen9_special_server	-	No
Hardware	hpe	proliant_xl450_gen9_server	-	No
Hardware	hpe	proliant_xl730f_gen9_server	-	No
Hardware	hpe	proliant_xl740f_gen9_server	-	No
Hardware	hpe	proliant_xl750f_gen9_server	-	No
Hardware	hpe	storeeasy_1430_storage	-	No
Hardware	hpe	storeeasy_1440_storage	-	No
Hardware	hpe	storeeasy_1450_storage	-	No
Hardware	hpe	storeeasy_1530_storage	-	No
Hardware	hpe	storeeasy_1540_storage	-	No
Hardware	hpe	storeeasy_1550_storage	-	No
Hardware	hpe	storeeasy_1630_storage	-	No
Hardware	hpe	storeeasy_1640_storage	-	No
Hardware	hpe	storeeasy_1650_expanded_storage	-	No
Hardware	hpe	storeeasy_1650_storage	-	No
Hardware	hpe	storeeasy_1830_storage	-	No
Hardware	hpe	storeeasy_1840_storage	-	No
Hardware	hpe	storeeasy_1850_storage	-	No
Hardware	hpe	storeeasy_3830_gateway_storage	-	No
Hardware	hpe	storeeasy_3830_gateway_storage_blade	-	No
Hardware	hpe	storeeasy_3840_gateway_storage	-	No
Hardware	hpe	storeeasy_3840_gateway_storage_blade	-	No
Hardware	hpe	storeeasy_3850_gateway_single_node_upgrade	-	No
Hardware	hpe	storeeasy_3850_gateway_storage	-	No
Hardware	hpe	storeeasy_3850_gateway_storage_blade	-	No
Hardware	hpe	storevirtual_3000_file_controller	-	No
Hardware	hpe	synergy_480_gen9_compute_module	-	No
Hardware	hpe	synergy_620_gen9_compute_module	-	No
Hardware	hpe	synergy_660_gen9_compute_module	-	No
Hardware	hpe	synergy_680_gen9_compute_module	-	No
Operating System	hp	integrated_lights-out_5	< 2.78	Yes
Hardware	hpe	apollo_4200_gen10_plus_system	-	No
Hardware	hpe	apollo_4200_gen10_server	-	No
Hardware	hpe	apollo_4510_gen10_system	-	No
Hardware	hpe	apollo_6500_gen10_plus_system	-	No
Hardware	hpe	apollo_6500_gen10_system	-	No
Hardware	hpe	apollo_n2600_gen10_plus	-	No
Hardware	hpe	apollo_n2800_gen10_plus	-	No
Hardware	hpe	apollo_r2200_gen10	-	No
Hardware	hpe	apollo_r2600_gen10	-	No
Hardware	hpe	apollo_r2800_gen10	-	No
Hardware	hpe	edgeline_e920_server_blade	-	No
Hardware	hpe	edgeline_e920d_server_blade	-	No
Hardware	hpe	edgeline_e920t_server_blade	-	No
Hardware	hpe	proliant_bl460c_gen10_server_blade	-	No
Hardware	hpe	proliant_dl120_gen10_server	-	No
Hardware	hpe	proliant_dl160_gen10_server	-	No
Hardware	hpe	proliant_dl180_gen10_server	-	No
Hardware	hpe	proliant_dl20_gen10_plus_server	-	No
Hardware	hpe	proliant_dl20_gen10_server	-	No
Hardware	hpe	proliant_dl325_gen10_plus_server	-	No
Hardware	hpe	proliant_dl325_gen10_server	-	No
Hardware	hpe	proliant_dl345_gen10_plus_server	-	No
Hardware	hpe	proliant_dl360_gen10_plus_server	-	No
Hardware	hpe	proliant_dl360_gen10_server	-	No
Hardware	hpe	proliant_dl365_gen10_plus_server	-	No
Hardware	hpe	proliant_dl380_gen10_plus_server	-	No
Hardware	hpe	proliant_dl380_gen10_server	-	No
Hardware	hpe	proliant_dl385_gen10_plus_server	-	No
Hardware	hpe	proliant_dl385_gen10_plus_v2_server	-	No
Hardware	hpe	proliant_dl385_gen10_server	-	No
Hardware	hpe	proliant_dl560_gen10_server	-	No
Hardware	hpe	proliant_dl580_gen10_server	-	No
Hardware	hpe	proliant_dx170r_gen10_server	-	No
Hardware	hpe	proliant_dx190r_gen10_server	-	No
Hardware	hpe	proliant_dx220n_gen10_plus_server	-	No
Hardware	hpe	proliant_dx325_gen10_plus_v2_server	-	No
Hardware	hpe	proliant_dx360_gen10_plus_server	-	No
Hardware	hpe	proliant_dx360_gen10_server	-	No
Hardware	hpe	proliant_dx380_gen10_plus_server	-	No
Hardware	hpe	proliant_dx380_gen10_server	-	No
Hardware	hpe	proliant_dx385_gen10_plus_server	-	No
Hardware	hpe	proliant_dx385_gen10_plus_v2_server	-	No
Hardware	hpe	proliant_dx4200_gen10_server	-	No
Hardware	hpe	proliant_dx560_gen10_server	-	No
Hardware	hpe	proliant_e910_server_blade	-	No
Hardware	hpe	proliant_e910t_server_blade	-	No
Hardware	hpe	proliant_ml110_gen10_server	-	No
Hardware	hpe	proliant_ml30_gen10_plus_server	-	No
Hardware	hpe	proliant_ml350_gen10_server	-	No
Hardware	hpe	proliant_xl170r_gen10_server	-	No
Hardware	hpe	proliant_xl190r_gen10_server	-	No
Hardware	hpe	proliant_xl220n_gen10_plus_server	-	No
Hardware	hpe	proliant_xl225n_gen10_plus_1u_node	-	No
Hardware	hpe	proliant_xl230k_gen10_server	-	No
Hardware	hpe	proliant_xl270d_gen10_server	-	No
Hardware	hpe	proliant_xl290n_gen10_plus_server	-	No
Hardware	hpe	proliant_xl450_gen10_server	-	No
Hardware	hpe	proliant_xl645d_gen10_plus_server	-	No
Hardware	hpe	proliant_xl675d_gen10_plus_server	-	No
Hardware	hpe	storage_file_controller	-	No
Hardware	hpe	storage_performance_file_controller	-	No
Hardware	hpe	storeeasy_1460_storage	-	No
Hardware	hpe	storeeasy_1560_storage	-	No
Hardware	hpe	storeeasy_1660_expanded_storage	-	No
Hardware	hpe	storeeasy_1660_performance_storage	-	No
Hardware	hpe	storeeasy_1660_storage	-	No
Hardware	hpe	storeeasy_1860_performance_storage	-	No
Hardware	hpe	storeeasy_1860_storage	-	No
Hardware	hpe	synergy_480_gen10_compute_module	-	No
Hardware	hpe	synergy_480_gen10_plus_compute_module	-	No
Hardware	hpe	synergy_660_gen10_compute_module	-	No
Operating System	hp	integrated_lights-out_6	< 1.20	Yes
Hardware	hpe	proliant_dl320_gen11_server	-	No
Hardware	hpe	proliant_dl325_gen11_server	-	No
Hardware	hpe	proliant_dl345_gen11_server	-	No
Hardware	hpe	proliant_dl360_gen11_server	-	No
Hardware	hpe	proliant_dl365_gen11_server	-	No
Hardware	hpe	proliant_dl380_gen11_server	-	No
Hardware	hpe	proliant_dl385_gen11_server	-	No
Hardware	hpe	proliant_ml350_gen11_server	-	No

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04456en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04456en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For hp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.