ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

HP ILO 4 QUALYS Vulnerability

 
MAVER
Occasional Visitor

HP ILO 4 QUALYS Vulnerability

Howdy has anyone found that qualys is detecting a vulnerability on the HP ILO 4 cards on Proliant DL380 GEN 9 servers that is due to having an outdated version of jquery running on the ILO? 

The Qualys QID is 13477 and the vulnerability reported is that there is an outdated version of Jquery 1.x or 2.x found on the ILO cards.I am running the latest version of firmware which is 2.62.

HPE support hasn't been able to provide any information on this issue or even verify that jquery is used on the cards or if there is a way to disable jquery. 

 

1 REPLY 1
Harsh_b
HPE Pro

Re: HP ILO 4 QUALYS Vulnerability

Hello Maver, 

Please follow the below actions

1) update iLO FW to version 2.70 and check for reported issue

2) check the status again by re-scanning

3) if reported issue persists then please contact HPE support to log a case

Please dont forget to export CVE outcome to an excel file and share with hpe along AHS logs 

Regards

I am an HPE Employee