CVE-2016-4406: XSS
First published: Mon Aug 06 2018(Updated: )
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Integrated Lights-out 3 Firmware | <1.88 | |
| Hp Integrated Lights-out 4 Firmware | <2.44 | |
| Hp Integrated Lights-out |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the remote cross site scripting vulnerability in HPE iLO?
The vulnerability ID for the remote cross site scripting vulnerability in HPE iLO is CVE-2016-4406.
Which versions of HPE iLO are affected by the remote cross site scripting vulnerability?
The remote cross site scripting vulnerability affects HPE iLO 3 versions prior to v1.88 and HPE iLO 4 versions prior to v2.44.
What is the severity rating of CVE-2016-4406?
The severity rating of CVE-2016-4406 is medium with a CVSS score of 6.1.
What is the Common Weakness Enumeration (CWE) ID for the vulnerability?
The Common Weakness Enumeration (CWE) ID for the vulnerability is CWE-79.
How can I fix the remote cross site scripting vulnerability in HPE iLO?
To fix the remote cross site scripting vulnerability, update HPE iLO 3 to version v1.88 or later, and HPE iLO 4 to version v2.44 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/hp
- canonical/hp integrated lights-out 3 firmware
- canonical/hp integrated lights-out 4 firmware
- canonical/hp integrated lights-out