What is CVE-2016-4406?

CVE-2016-4406 is a medium-severity vulnerability in Hewlett Packard Enterprise Hp Integrated Lights-out 3 (Ilo 3), Hpe 4 4), classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2018-08-06.

How severe is CVE-2016-4406?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Hewlett Packard Enterprise Hp Integrated Lights-out 3 (Ilo 3), Hpe 4 4)

CVE-2016-4406

A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.026 (83.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Hewlett Packard Enterprise Hp Integrated Lights-out 3 (Ilo 3), Hpe 4 4) — versions iLO 3 all version prior to v1.88,iLO 4 all versions prior to v2.44
Hp Integrated_lights-out
Hp Integrated_lights-out_3_firmware
Hp Integrated_lights-out_4_firmware

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security-alert@hpe.com (x_refsource_CONFIRM, Vendor Advisory)
security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-4406?: CVE-2016-4406 is a medium-severity vulnerability in Hewlett Packard Enterprise Hp Integrated Lights-out 3 (Ilo 3), Hpe 4 4), classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2018-08-06.
How severe is CVE-2016-4406?: Medium severity. CVSS v3 base score is 6.1 out of 10.