CVE-2023-28083: XSS
First published: Wed Mar 22 2023(Updated: )
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Integrated Lights-Out 4 Firmware | <2.82 | |
| HPE Apollo 4200 Gen9 Server | ||
| HPE Apollo R2000 Chassis | ||
| HP ProLiant BL420c Gen8 Server | ||
| HPE ProLiant BL460c Gen8 Blade Server | ||
| HP ProLiant BL460c Gen9 Server Blade | ||
| HP ProLiant BL465c Gen8 (AMD) | ||
| HPE ProLiant bl660c Gen8 Blade Server | ||
| HPE ProLiant BL660c Gen9 Server Firmware | ||
| HPE ProLiant DL120 Gen9 Server | ||
| HP ProLiant DL160 Gen8 Server | ||
| HP ProLiant DL160 Gen9 Server | ||
| HP ProLiant DL180 Gen9 Server | ||
| HP ProLiant DL20 Gen9 Server Firmware | ||
| HPE ProLiant DL320e Gen8 v2 Server | ||
| HP ProLiant DL320e Gen8 v2 Server Firmware | ||
| HP ProLiant DL360 Gen9 Server | ||
| HPE ProLiant DL360e Gen8 Server | ||
| HPE ProLiant DL360p Gen8 Server | ||
| HP ProLiant DL380 Gen9 Server Firmware | ||
| HP ProLiant DL380e Gen8 Server | ||
| HPE ProLiant DL380p Gen8 Server | ||
| HPE ProLiant DL385p Gen8 (AMD) Firmware | ||
| HP ProLiant DL560 Gen8 Server Firmware | ||
| HPE ProLiant DL560 Gen9 Server | ||
| HP ProLiant DL580 Gen8 Server | ||
| HPE ProLiant DL580 Gen9 Server | ||
| HP ProLiant DL60 Gen9 Server | ||
| HPE ProLiant DL80 Gen9 Server | ||
| HPE ProLiant MicroServer Gen8 | ||
| HPE ProLiant ml110 gen9 server | ||
| HP ProLiant ML30 Gen9 Server | ||
| HPE ProLiant ML310e Gen8 v2 Server | ||
| HP ProLiant ML310e Gen8 v2 Server Firmware | ||
| HP ProLiant ML350 Gen9 Server | ||
| HP ProLiant ML350e Gen8 Server | ||
| HPE ProLiant ML350e Gen8 v2 Server Firmware | ||
| HP ProLiant ML350p Gen8 Server Firmware | ||
| HPE ProLiant SL210t Gen8 Server | ||
| HPE ProLiant sl230s gen8 server | ||
| HPE ProLiant SL250s Gen8 Server | ||
| HPE ProLiant SL270s Gen8 Server | ||
| HPE ProLiant SL270s Gen8 Server Firmware | ||
| HPE ProLiant WS460c Gen8 Graphics Server Blade | ||
| HPE ProLiant WS460c Gen9 Graphics Server Blade | ||
| HP ProLiant XL170R Gen9 | ||
| HP ProLiant XL190r Gen9 Server Firmware | ||
| HPE ProLiant XL220a Gen8 v2 Server | ||
| HPE ProLiant XL230a Gen9 Server Firmware | ||
| HPE ProLiant XL230b Gen9 Server | ||
| HPE ProLiant XL250a Gen9 Server Firmware | ||
| HP ProLiant XL270d Gen9 Server | ||
| HPE ProLiant XL450 Gen9 Server | ||
| HPE ProLiant xl730f Gen9 Server | ||
| HP ProLiant XL740f Gen9 Server | ||
| HP ProLiant XL750f Gen9 Server | ||
| HPE StoreEasy 1430 Storage | ||
| HPE StoreEasy 1440 Storage | ||
| HPE StoreEasy 1450 Storage | ||
| HPE StoreEasy 1530 Storage | ||
| HPE StoreEasy 1540 Storage | ||
| HPE StoreEasy 1550 Storage | ||
| HPE StoreEasy 1630 Storage | ||
| HPE StoreEasy 1640 Storage | ||
| HPE StoreEasy 1650 Expanded Storage | ||
| HPE StoreEasy 1650 Expanded Storage | ||
| HPE StoreEasy 1830 Storage | ||
| HPE StoreEasy 1840 Storage | ||
| HPE StoreEasy 1850 Storage | ||
| HPE StoreEasy 3830 Gateway Storage Blade | ||
| HPE StoreEasy 3830 Gateway Storage Blade | ||
| HPE storeeasy 3840 gateway storage | ||
| HPE StoreEasy 3840 Gateway Storage Blade | ||
| HPE StoreEasy 3850 Gateway | ||
| HPE StoreEasy 3850 Gateway | ||
| HPE StoreEasy 3850 Gateway Storage | ||
| HPE StoreVirtual 3000 File Controller | ||
| HPE Synergy 480 Gen9 | ||
| HPE Synergy 620 Gen9 | ||
| HPE Synergy 660 Gen9 | ||
| HPE Synergy 680 Gen9 | ||
| HPE Integrated Lights-Out 5 firmware | <2.78 | |
| HPE Apollo 4200 Gen10 Plus System | ||
| HPE Apollo 4200 Gen10 Plus System | ||
| HP Apollo 4510 System | ||
| HPE Apollo 6500 Gen10 Plus | ||
| HPE Apollo 6500 Gen10 Plus | ||
| HPE Apollo n2600 Gen10 Plus | ||
| HPE Apollo n2800 Gen10 Plus | ||
| HPE Apollo r2200 Gen10 | ||
| HPE Apollo R2600 Gen10 | ||
| HPE Apollo r2800 Gen10 | ||
| HPE Edgeline E920 Server Blade | ||
| HPE Edgeline E920d Server Blade | ||
| HPE Edgeline E920t Server Blade | ||
| HPE ProLiant BL460c Gen10 Server Blade | ||
| HP ProLiant DL120 Gen10 Server | ||
| HP ProLiant DL160 Gen10 Server | ||
| HPE ProLiant DL180 Gen10 Server | ||
| HPE ProLiant DL20 Gen10 Plus Server | ||
| HPE ProLiant DL20 Gen10 Plus Server | ||
| HPE ProLiant DL325 Gen10 Plus Server | ||
| HPE ProLiant DL325 Gen10 Server | ||
| HPE ProLiant DL345 Gen10 Plus Server | ||
| HPE ProLiant DL360 Gen10 Plus Server | ||
| HP ProLiant DL360 Gen10 | ||
| HPE ProLiant DL365 Gen10 Plus Server | ||
| HPE ProLiant DL380 Gen10 Plus Server | ||
| HP ProLiant DL380 Gen10 | ||
| HPE ProLiant DX385 Gen10 Plus Server | ||
| HPE ProLiant DL385 Gen10 Plus v2 Server | ||
| HPE ProLiant DL385 Gen10 Server | ||
| HPE proliant dl560 gen10 server | ||
| HPE ProLiant DL580 Gen10 Server Firmware | ||
| HPE ProLiant DX170R Gen10 Server | ||
| HPE ProLiant DX190R Gen10 Server | ||
| HPE ProLiant DX220N Gen10 Plus Server | ||
| HPE ProLiant DX325 Gen10 Plus v2 Server | ||
| HPE ProLiant DX360 Gen10 Plus Server | ||
| HPE ProLiant DX360 Gen10 Server | ||
| HPE ProLiant DX380 Gen10 Plus Server | ||
| HPE ProLiant DX380 Gen10 Server | ||
| HPE ProLiant DX385 Gen10 Plus Server | ||
| HPE ProLiant DX385 Gen10 Plus v2 Server | ||
| HPE ProLiant DX4200 Gen10 Server | ||
| HPE ProLiant DX560 Gen10 Server | ||
| HPE ProLiant E910 Server Blade | ||
| HPE ProLiant E910T Server Blade | ||
| HP ProLiant ML110 Gen10 Server | ||
| HPE ProLiant ML30 Gen10 Plus Server | ||
| HP ProLiant ML350 Gen10 Server | ||
| HP ProLiant xl170r Gen10 | ||
| HP ProLiant xl190r Gen10 | ||
| HPE ProLiant XL220n Gen10 Plus Server | ||
| HPE ProLiant XL225N Gen10 Plus 1U Node | ||
| HP ProLiant XL230k Gen10 Server | ||
| HPE ProLiant XL270d Gen10 Server | ||
| HPE ProLiant XL290n Gen10 Plus Server | ||
| HPE ProLiant XL450 Gen10 Server Firmware | ||
| HPE ProLiant XL645D Gen10 Plus Server | ||
| HPE ProLiant XL675d Gen10 Plus Server | ||
| HPE Storage File Controller | ||
| HPE Storage Performance File Controller | ||
| HPE StoreEasy 1460 Storage | ||
| HPE StoreEasy 1560 Storage | ||
| HPE StoreEasy 1660 Expanded Storage | ||
| HPE storeeasy 1660 performance storage | ||
| HPE StoreEasy 1660 Expanded Storage | ||
| HPE StoreEasy 1860 Performance Storage | ||
| HPE StoreEasy 1860 Performance Storage | ||
| HPE Synergy 480 Gen10 Plus Compute Module | ||
| HPE Synergy 480 Gen10 Plus Compute Module | ||
| HP Synergy 660 Gen10 Firmware | ||
| HPE Integrated Lights-Out 6 | <1.20 | |
| HPE ProLiant DL320 Gen11 Server | ||
| HPE ProLiant DL325 Gen11 Server | ||
| HPE ProLiant DL345 Gen11 Server | ||
| HPE ProLiant DL360 Gen11 Server | ||
| HPE ProLiant DL365 Gen11 Server | ||
| HPE ProLiant DL380 Gen11 Server | ||
| HPE ProLiant DL385 Gen11 Server | ||
| HPE ProLiant ML350 Gen11 Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-28083?
The severity of CVE-2023-28083 is considered high due to its potential for remote exploitation via cross-site scripting.
How do I fix CVE-2023-28083?
To fix CVE-2023-28083, you should immediately apply the latest software updates provided by HPE for Integrated Lights-Out 4, 5, and 6.
Which versions are affected by CVE-2023-28083?
CVE-2023-28083 affects HPE Integrated Lights-Out 4, 5, and 6, specifically versions prior to 2.82 for iLO 4 and 2.78 for iLO 5, and 1.20 for iLO 6.
Can CVE-2023-28083 be exploited remotely?
Yes, CVE-2023-28083 can be exploited remotely, allowing attackers to execute scripts in the context of the affected user's session.
What products are impacted by CVE-2023-28083?
CVE-2023-28083 impacts HPE Integrated Lights-Out 4, Integrated Lights-Out 5, and Integrated Lights-Out 6 firmware.
- agent/type
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp integrated lights-out 4 firmware
- vendor/hpe
- canonical/hpe apollo 4200 gen9 server
- canonical/hpe apollo r2000 chassis
- canonical/hp proliant bl420c gen8 server
- canonical/hpe proliant bl460c gen8 blade server
- canonical/hp proliant bl460c gen9 server blade
- canonical/hp proliant bl465c gen8 (amd)
- canonical/hpe proliant bl660c gen8 blade server
- canonical/hpe proliant bl660c gen9 server firmware
- canonical/hpe proliant dl120 gen9 server
- canonical/hp proliant dl160 gen8 server
- canonical/hp proliant dl160 gen9 server
- canonical/hp proliant dl180 gen9 server
- canonical/hp proliant dl20 gen9 server firmware
- canonical/hpe proliant dl320e gen8 v2 server
- canonical/hp proliant dl320e gen8 v2 server firmware
- canonical/hp proliant dl360 gen9 server
- canonical/hpe proliant dl360e gen8 server
- canonical/hpe proliant dl360p gen8 server
- canonical/hp proliant dl380 gen9 server firmware
- canonical/hp proliant dl380e gen8 server
- canonical/hpe proliant dl380p gen8 server
- canonical/hpe proliant dl385p gen8 (amd) firmware
- canonical/hp proliant dl560 gen8 server firmware
- canonical/hpe proliant dl560 gen9 server
- canonical/hp proliant dl580 gen8 server
- canonical/hpe proliant dl580 gen9 server
- canonical/hp proliant dl60 gen9 server
- canonical/hpe proliant dl80 gen9 server
- canonical/hpe proliant microserver gen8
- canonical/hpe proliant ml110 gen9 server
- canonical/hp proliant ml30 gen9 server
- canonical/hpe proliant ml310e gen8 v2 server
- canonical/hp proliant ml310e gen8 v2 server firmware
- canonical/hp proliant ml350 gen9 server
- canonical/hp proliant ml350e gen8 server
- canonical/hpe proliant ml350e gen8 v2 server firmware
- canonical/hp proliant ml350p gen8 server firmware
- canonical/hpe proliant sl210t gen8 server
- canonical/hpe proliant sl230s gen8 server
- canonical/hpe proliant sl250s gen8 server
- canonical/hpe proliant sl270s gen8 server
- canonical/hpe proliant sl270s gen8 server firmware
- canonical/hpe proliant ws460c gen8 graphics server blade
- canonical/hpe proliant ws460c gen9 graphics server blade
- canonical/hp proliant xl170r gen9
- canonical/hp proliant xl190r gen9 server firmware
- canonical/hpe proliant xl220a gen8 v2 server
- canonical/hpe proliant xl230a gen9 server firmware
- canonical/hpe proliant xl230b gen9 server
- canonical/hpe proliant xl250a gen9 server firmware
- canonical/hp proliant xl270d gen9 server
- canonical/hpe proliant xl450 gen9 server
- canonical/hpe proliant xl730f gen9 server
- canonical/hp proliant xl740f gen9 server
- canonical/hp proliant xl750f gen9 server
- canonical/hpe storeeasy 1430 storage
- canonical/hpe storeeasy 1440 storage
- canonical/hpe storeeasy 1450 storage
- canonical/hpe storeeasy 1530 storage
- canonical/hpe storeeasy 1540 storage
- canonical/hpe storeeasy 1550 storage
- canonical/hpe storeeasy 1630 storage
- canonical/hpe storeeasy 1640 storage
- canonical/hpe storeeasy 1650 expanded storage
- canonical/hpe storeeasy 1830 storage
- canonical/hpe storeeasy 1840 storage
- canonical/hpe storeeasy 1850 storage
- canonical/hpe storeeasy 3830 gateway storage blade
- canonical/hpe storeeasy 3840 gateway storage
- canonical/hpe storeeasy 3840 gateway storage blade
- canonical/hpe storeeasy 3850 gateway
- canonical/hpe storeeasy 3850 gateway storage
- canonical/hpe storevirtual 3000 file controller
- canonical/hpe synergy 480 gen9
- canonical/hpe synergy 620 gen9
- canonical/hpe synergy 660 gen9
- canonical/hpe synergy 680 gen9
- canonical/hpe integrated lights-out 5 firmware
- canonical/hpe apollo 4200 gen10 plus system
- canonical/hp apollo 4510 system
- canonical/hpe apollo 6500 gen10 plus
- canonical/hpe apollo n2600 gen10 plus
- canonical/hpe apollo n2800 gen10 plus
- canonical/hpe apollo r2200 gen10
- canonical/hpe apollo r2600 gen10
- canonical/hpe apollo r2800 gen10
- canonical/hpe edgeline e920 server blade
- canonical/hpe edgeline e920d server blade
- canonical/hpe edgeline e920t server blade
- canonical/hpe proliant bl460c gen10 server blade
- canonical/hp proliant dl120 gen10 server
- canonical/hp proliant dl160 gen10 server
- canonical/hpe proliant dl180 gen10 server
- canonical/hpe proliant dl20 gen10 plus server
- canonical/hpe proliant dl325 gen10 plus server
- canonical/hpe proliant dl325 gen10 server
- canonical/hpe proliant dl345 gen10 plus server
- canonical/hpe proliant dl360 gen10 plus server
- canonical/hp proliant dl360 gen10
- canonical/hpe proliant dl365 gen10 plus server
- canonical/hpe proliant dl380 gen10 plus server
- canonical/hp proliant dl380 gen10
- canonical/hpe proliant dx385 gen10 plus server
- canonical/hpe proliant dl385 gen10 plus v2 server
- canonical/hpe proliant dl385 gen10 server
- canonical/hpe proliant dl560 gen10 server
- canonical/hpe proliant dl580 gen10 server firmware
- canonical/hpe proliant dx170r gen10 server
- canonical/hpe proliant dx190r gen10 server
- canonical/hpe proliant dx220n gen10 plus server
- canonical/hpe proliant dx325 gen10 plus v2 server
- canonical/hpe proliant dx360 gen10 plus server
- canonical/hpe proliant dx360 gen10 server
- canonical/hpe proliant dx380 gen10 plus server
- canonical/hpe proliant dx380 gen10 server
- canonical/hpe proliant dx385 gen10 plus v2 server
- canonical/hpe proliant dx4200 gen10 server
- canonical/hpe proliant dx560 gen10 server
- canonical/hpe proliant e910 server blade
- canonical/hpe proliant e910t server blade
- canonical/hp proliant ml110 gen10 server
- canonical/hpe proliant ml30 gen10 plus server
- canonical/hp proliant ml350 gen10 server
- canonical/hp proliant xl170r gen10
- canonical/hp proliant xl190r gen10
- canonical/hpe proliant xl220n gen10 plus server
- canonical/hpe proliant xl225n gen10 plus 1u node
- canonical/hp proliant xl230k gen10 server
- canonical/hpe proliant xl270d gen10 server
- canonical/hpe proliant xl290n gen10 plus server
- canonical/hpe proliant xl450 gen10 server firmware
- canonical/hpe proliant xl645d gen10 plus server
- canonical/hpe proliant xl675d gen10 plus server
- canonical/hpe storage file controller
- canonical/hpe storage performance file controller
- canonical/hpe storeeasy 1460 storage
- canonical/hpe storeeasy 1560 storage
- canonical/hpe storeeasy 1660 expanded storage
- canonical/hpe storeeasy 1660 performance storage
- canonical/hpe storeeasy 1860 performance storage
- canonical/hpe synergy 480 gen10 plus compute module
- canonical/hp synergy 660 gen10 firmware
- canonical/hpe integrated lights-out 6
- canonical/hpe proliant dl320 gen11 server
- canonical/hpe proliant dl325 gen11 server
- canonical/hpe proliant dl345 gen11 server
- canonical/hpe proliant dl360 gen11 server
- canonical/hpe proliant dl365 gen11 server
- canonical/hpe proliant dl380 gen11 server
- canonical/hpe proliant dl385 gen11 server
- canonical/hpe proliant ml350 gen11 server