HPE Community
ProLiant Servers (ML,DL,SL)
1752728 Members
5747 Online
108789 Solutions
New Discussion

HP ILO 4 QUALYS Vulnerability

 
MAVER
New Member

‎05-20-2019 11:38 AM

‎05-20-2019 11:38 AM

HP ILO 4 QUALYS Vulnerability

Howdy has anyone found that qualys is detecting a vulnerability on the HP ILO 4 cards on Proliant DL380 GEN 9 servers that is due to having an outdated version of jquery running on the ILO? 

The Qualys QID is 13477 and the vulnerability reported is that there is an outdated version of Jquery 1.x or 2.x found on the ILO cards.I am running the latest version of firmware which is 2.62.

HPE support hasn't been able to provide any information on this issue or even verify that jquery is used on the cards or if there is a way to disable jquery. 

 

0 Kudos
Reply
1 REPLY 1
Harsh_b
HPE Pro

‎05-21-2019 03:35 AM

‎05-21-2019 03:35 AM

Re: HP ILO 4 QUALYS Vulnerability

Hello Maver, 

Please follow the below actions

1) update iLO FW to version 2.70 and check for reported issue

2) check the status again by re-scanning

3) if reported issue persists then please contact HPE support to log a case

Please dont forget to export CVE outcome to an excel file and share with hpe along AHS logs 

Regards

I am an HPE employee
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.