Call us Send E-Mail Contact & Persons

Critical vulnerabilities CVE-2022-28631, CVE-2022-28632, CVE-2022-28627 and CVE-2022-28628 in HPE Integrated Lights-Out (iLO) closed.

16th August 2022

Hewlett Packard Enterprises (HPE) has closed important vulnerabilities in its remote management product Lights-Out 5 (iLO 5). Attackers were able to infiltrate and execute malicious code in iLO 5 due to security vulnerabilities, some of which were critical. HPE classifies four of the vulnerabilities as critical (CVE-2022-28631, CVE-2022-28632, CVE-2022-28627 and CVE-2022-28628). HPE has provided updated software packages (go to HPE Support Center) that address the vulnerabilities. These are sealed with firmware version HPE Integrated Lights-Out 5 (iLO 5) 2.71 or newer.

If you have further questions on this matter or if you require support, please contact our Customer Support.


Peter Schwark


Our RSS feed always keeps you up to date! This way, you’ll receive same-day notification when a new article has been posted to the IT Security Bulletin. Just enter the following link in your feed reader:

You can find out how to integrate the RSS feed into Outlook here.