Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-11982

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-05 Jun, 2019 | 16:35
Updated At-04 Aug, 2024 | 23:10
Rejected At-
Credits

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:05 Jun, 2019 | 16:35
Updated At:04 Aug, 2024 | 23:10
Rejected At:
▼CVE Numbering Authority (CNA)

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

Affected Products
Vendor
n/a
Product
HPE iLO4 and HPE iLO5
Versions
Affected
  • iLO4 prior to v2.61b and iLO5 prior to v1.39
Problem Types
TypeCWE IDDescription
textN/Across site scripting
Type: text
CWE ID: N/A
Description: cross site scripting
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us
x_refsource_CONFIRM
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:05 Jun, 2019 | 17:29
Updated At:07 Jun, 2019 | 18:51

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.3HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
HP Inc.
hp
>>integrated_lights-out_5_firmware>>Versions up to 1.39(inclusive)
cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_bl460c_gen10>>-
cpe:2.3:h:hp:proliant_bl460c_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl120_gen10>>-
cpe:2.3:h:hp:proliant_dl120_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl160_gen10>>-
cpe:2.3:h:hp:proliant_dl160_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl180_gen10>>-
cpe:2.3:h:hp:proliant_dl180_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl20_gen10>>-
cpe:2.3:h:hp:proliant_dl20_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl325_gen10>>-
cpe:2.3:h:hp:proliant_dl325_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl360_gen10>>-
cpe:2.3:h:hp:proliant_dl360_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl380_gen10>>-
cpe:2.3:h:hp:proliant_dl380_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl385_gen10>>-
cpe:2.3:h:hp:proliant_dl385_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl560_gen10>>-
cpe:2.3:h:hp:proliant_dl560_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl580_gen10>>-
cpe:2.3:h:hp:proliant_dl580_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_microserver_gen10>>-
cpe:2.3:h:hp:proliant_microserver_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ml110_gen10>>-
cpe:2.3:h:hp:proliant_ml110_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ml350_gen10>>-
cpe:2.3:h:hp:proliant_ml350_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl170r_gen10>>-
cpe:2.3:h:hp:proliant_xl170r_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl190r_gen10>>-
cpe:2.3:h:hp:proliant_xl190r_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl230k_gen10>>-
cpe:2.3:h:hp:proliant_xl230k_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl450_gen10>>-
cpe:2.3:h:hp:proliant_xl450_gen10:-:*:*:*:*:*:*:*
HP Inc.
hp
>>integrated_lights-out_4_firmware>>Versions up to 2.61b(inclusive)
cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_bl460c_gen9>>-
cpe:2.3:h:hp:proliant_bl460c_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl120_gen9>>-
cpe:2.3:h:hp:proliant_dl120_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl180_gen9>>-
cpe:2.3:h:hp:proliant_dl180_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl360_gen9>>-
cpe:2.3:h:hp:proliant_dl360_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl380_gen9>>-
cpe:2.3:h:hp:proliant_dl380_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_dl580_gen9>>-
cpe:2.3:h:hp:proliant_dl580_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ml10_gen9>>2
cpe:2.3:h:hp:proliant_ml10_gen9:2:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ml110_gen9>>-
cpe:2.3:h:hp:proliant_ml110_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ml150_gen9>>-
cpe:2.3:h:hp:proliant_ml150_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ml30_gen9>>2
cpe:2.3:h:hp:proliant_ml30_gen9:2:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ml350_gen9>>-
cpe:2.3:h:hp:proliant_ml350_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_ws460c_gen9>>-
cpe:2.3:h:hp:proliant_ws460c_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl170r_gen9>>-
cpe:2.3:h:hp:proliant_xl170r_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl190r_gen9>>-
cpe:2.3:h:hp:proliant_xl190r_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl230a_gen9>>-
cpe:2.3:h:hp:proliant_xl230a_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl250a_gen9>>-
cpe:2.3:h:hp:proliant_xl250a_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl730f_gen9>>*
cpe:2.3:h:hp:proliant_xl730f_gen9:*:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl740f_gen9>>-
cpe:2.3:h:hp:proliant_xl740f_gen9:-:*:*:*:*:*:*:*
HP Inc.
hp
>>proliant_xl750f_gen9>>-
cpe:2.3:h:hp:proliant_xl750f_gen9:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_ussecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

204Records found
CVE-2020-1673
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-1.41% / 80.29%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 20:31
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services

Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.18% / 38.99%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 01:40
Updated-15 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

Action-Not Available
Vendor-n/aIvanti SoftwarePulse Secure
Product-pulse_policy_securepulse_connect_secureconnect_securen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15613
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-8.3||HIGH
EPSS-0.25% / 47.80%
||
7 Day CHG~0.00%
Published-21 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Orchestration Designer Runtime Config XSS

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

Action-Not Available
Vendor-Avaya LLC
Product-aura_orchestration_designerOrchestration Designer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-29095
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.72% / 72.29%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Consumer
CWE ID-CWE-16
Not Available
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found