Multiple vulnerabilities in HPE products
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2022-28626 CVE-2022-28627 CVE-2022-28628 CVE-2022-28629 CVE-2022-28630 CVE-2022-28631 CVE-2022-28632 CVE-2022-28633 CVE-2022-28634 CVE-2022-28635 CVE-2022-28636 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers Hardware solutions / Firmware HPE Apollo 2000 Gen10 Plus System Hardware solutions / Firmware HPE Apollo 4200 Gen10 Plus System Hardware solutions / Firmware HPE Apollo 4200 Gen10 Server Hardware solutions / Firmware HPE ProLiant XL420 Gen10 Server Hardware solutions / Firmware HPE Apollo 4510 Gen10 System Hardware solutions / Firmware HPE Apollo 6500 Gen10 Plus System Hardware solutions / Firmware HPE Apollo 6500 Gen10 System Hardware solutions / Firmware HPE Apollo n2600 Gen10 Plus Hardware solutions / Firmware HPE Apollo n2800 Gen10 Plus Hardware solutions / Firmware HPE Apollo r2000 Chassis Hardware solutions / Firmware HPE Apollo r2800 Gen10 Hardware solutions / Firmware HPE Apollo r2600 Gen10 Hardware solutions / Firmware HPE Edgeline e920 Server Blade Hardware solutions / Firmware HPE Edgeline e920d Server Blade Hardware solutions / Firmware HPE Edgeline e920t Server Blade Hardware solutions / Firmware HPE ProLiant DL20 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant BL460c Gen10 Server Blade Hardware solutions / Firmware HPE ProLiant DL20 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL110 Gen10 Plus Telco server Hardware solutions / Firmware HPE ProLiant DL120 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL160 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL180 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL325 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DL325 Gen10 Plus v2 server Hardware solutions / Firmware HPE ProLiant DL325 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL345 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DL360 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DL360 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL365 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DL380 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DL380 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL385 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DL385 Gen10 Plus v2 server Hardware solutions / Firmware HPE ProLiant DL385 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL560 Gen10 Server Hardware solutions / Firmware HPE ProLiant DL580 Gen10 Server Hardware solutions / Firmware HPE ProLiant DX170r Gen10 server Hardware solutions / Firmware HPE ProLiant DX190r Gen10 server Hardware solutions / Firmware HPE ProLiant DX220n Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DX325 Gen10 Plus v2 server Hardware solutions / Firmware HPE ProLiant DX360 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DX360 Gen10 server Hardware solutions / Firmware HPE ProLiant DX380 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DX380 Gen10 server Hardware solutions / Firmware HPE ProLiant DX385 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant DX385 Gen10 Plus v2 server Hardware solutions / Firmware HPE ProLiant DX4200 Gen10 server Hardware solutions / Firmware HPE ProLiant DX560 Gen10 server Hardware solutions / Firmware HPE ProLiant e910 Server Blade Hardware solutions / Firmware HPE ProLiant e910t Server Blade Hardware solutions / Firmware HPE ProLiant m750 Server Blade Hardware solutions / Firmware HPE ProLiant MicroServer Gen10 Plus Hardware solutions / Firmware HPE ProLiant ML30 Gen10 Plus server Hardware solutions / Firmware HPE ProLiant ML30 Gen10 Server Hardware solutions / Firmware HPE ProLiant ML110 Gen10 Server Hardware solutions / Firmware HPE ProLiant ML350 Gen10 Server Hardware solutions / Firmware HPE ProLiant XL170r Gen10 Server Hardware solutions / Firmware HPE ProLiant XL190r Gen10 Server Hardware solutions / Firmware HPE ProLiant XL220n Gen10 Plus Server Hardware solutions / Firmware HPE ProLiant XL225n Gen10 Plus 1U Node Hardware solutions / Firmware HPE ProLiant XL230k Gen10 Server Hardware solutions / Firmware HPE ProLiant XL270d Gen10 Server Hardware solutions / Firmware HPE ProLiant XL290n Gen10 Plus Server Hardware solutions / Firmware HPE ProLiant XL450 Gen10 Server Hardware solutions / Firmware HPE ProLiant XL645d Gen10 Plus Server Hardware solutions / Firmware HPE ProLiant XL675d Gen10 Plus Server Hardware solutions / Firmware HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server Hardware solutions / Firmware HPE Storage File Controller Hardware solutions / Firmware HPE Storage Performance File Controller Hardware solutions / Firmware HPE StoreEasy 1460 Storage Hardware solutions / Firmware HPE StoreEasy 1560 Storage Hardware solutions / Firmware HPE StoreEasy 1660 Expanded Storage Hardware solutions / Firmware HPE StoreEasy 1660 Performance Storage Hardware solutions / Firmware HPE StoreEasy 1660 Storage Hardware solutions / Firmware HPE StoreEasy 1860 Performance Storage Hardware solutions / Firmware HPE StoreEasy 1860 Storage Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU65923
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28626
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user with high privileges can trigger the vulnerability to escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU65924
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28627
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU65926
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28628
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU65930
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28629
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can trigger the vulnerability to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU65931
Risk: High
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28630
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trick the victim into opening a specially crafted file to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU65933
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28631
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to execute arbitrary code on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trigger the vulnerability to execute arbitrary code on the system and perform a denial of service attack.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU65934
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28632
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to execute arbitrary code on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can trigger the vulnerability to execute arbitrary code on the system and perform a denial of service attack.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU65936
Risk: High
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to gain access to sensitive information and modify data on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU65938
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28634
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user with high privileges can trigger the vulnerability to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU65939
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28635
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system and perform a denial of service attack.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU65941
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system and perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can trigger the vulnerability to escalate privileges on the system and perform a denial of service attack.
Install updates from vendor's website.
Vulnerable software versionsHPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers: before 2.71
HPE Apollo 2000 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Plus System: before 2.71
HPE Apollo 4200 Gen10 Server: before 2.71
HPE ProLiant XL420 Gen10 Server: before 2.71
HPE Apollo 4510 Gen10 System: before 2.71
HPE Apollo 6500 Gen10 Plus System: before 2.71
HPE Apollo 6500 Gen10 System: before 2.71
HPE Apollo n2600 Gen10 Plus: before 2.71
HPE Apollo n2800 Gen10 Plus: before 2.71
HPE Apollo r2000 Chassis: before 2.71
HPE Apollo r2800 Gen10: before 2.71
HPE Apollo r2600 Gen10: before 2.71
HPE Edgeline e920 Server Blade: before 2.71
HPE Edgeline e920d Server Blade: before 2.71
HPE Edgeline e920t Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Plus server: before 2.71
HPE ProLiant BL460c Gen10 Server Blade: before 2.71
HPE ProLiant DL20 Gen10 Server: before 2.71
HPE ProLiant DL110 Gen10 Plus Telco server: before 2.71
HPE ProLiant DL120 Gen10 Server: before 2.71
HPE ProLiant DL160 Gen10 Server: before 2.71
HPE ProLiant DL180 Gen10 Server: before 2.71
HPE ProLiant DL325 Gen10 Plus server: before 2.71
HPE ProLiant DL325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL325 Gen10 Server: before 2.71
HPE ProLiant DL345 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Plus server: before 2.71
HPE ProLiant DL360 Gen10 Server: before 2.71
HPE ProLiant DL365 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Plus server: before 2.71
HPE ProLiant DL380 Gen10 Server: before 2.71
HPE ProLiant DL385 Gen10 Plus server: before 2.71
HPE ProLiant DL385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DL385 Gen10 Server: before 2.71
HPE ProLiant DL560 Gen10 Server: before 2.71
HPE ProLiant DL580 Gen10 Server: before 2.71
HPE ProLiant DX170r Gen10 server: before 2.71
HPE ProLiant DX190r Gen10 server: before 2.71
HPE ProLiant DX220n Gen10 Plus server: before 2.71
HPE ProLiant DX325 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX360 Gen10 Plus server: before 2.71
HPE ProLiant DX360 Gen10 server: before 2.71
HPE ProLiant DX380 Gen10 Plus server: before 2.71
HPE ProLiant DX380 Gen10 server: before 2.71
HPE ProLiant DX385 Gen10 Plus server: before 2.71
HPE ProLiant DX385 Gen10 Plus v2 server: before 2.71
HPE ProLiant DX4200 Gen10 server: before 2.71
HPE ProLiant DX560 Gen10 server: before 2.71
HPE ProLiant e910 Server Blade: before 2.71
HPE ProLiant e910t Server Blade: before 2.71
HPE ProLiant m750 Server Blade: before 2.71
HPE ProLiant MicroServer Gen10 Plus: before 2.71
HPE ProLiant ML30 Gen10 Plus server: before 2.71
HPE ProLiant ML30 Gen10 Server: before 2.71
HPE ProLiant ML110 Gen10 Server: before 2.71
HPE ProLiant ML350 Gen10 Server: before 2.71
HPE ProLiant XL170r Gen10 Server: before 2.71
HPE ProLiant XL190r Gen10 Server: before 2.71
HPE ProLiant XL220n Gen10 Plus Server: before 2.71
HPE ProLiant XL225n Gen10 Plus 1U Node: before 2.71
HPE ProLiant XL230k Gen10 Server: before 2.71
HPE ProLiant XL270d Gen10 Server: before 2.71
HPE ProLiant XL290n Gen10 Plus Server: before 2.71
HPE ProLiant XL450 Gen10 Server: before 2.71
HPE ProLiant XL645d Gen10 Plus Server: before 2.71
HPE ProLiant XL675d Gen10 Plus Server: before 2.71
HPE ProLiant XL925g Gen10 Plus 1U 4-node Configure-to-order Server: before 2.71
HPE Storage File Controller: before 2.71
HPE Storage Performance File Controller: before 2.71
HPE StoreEasy 1460 Storage: before 2.71
HPE StoreEasy 1560 Storage: before 2.71
HPE StoreEasy 1660 Expanded Storage: before 2.71
HPE StoreEasy 1660 Performance Storage: before 2.71
HPE StoreEasy 1660 Storage: before 2.71
HPE StoreEasy 1860 Performance Storage: before 2.71
HPE StoreEasy 1860 Storage: before 2.71
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04333en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
