Hewlett Packard Enterprise Product Security Vulnerability Alerts
​CacheOut Vulnerability (CVE-2020-0548 and CVE-2020-0549)
Version 5.0 : Last Updated: July 06, 2020
This website is updated frequently, as new product information becomes available.
On January 27, 2020, Intel disclosed a vulnerability in their CPU processor microcode software which allows for information disclosure. The vulnerability is nicknamed CacheOut by the security researchers who discovered the issues and refers to CVE-2020-0548 and CVE-2020-0549. HPE will provide documentation about product impact and resolutions here.
- Resources
- Intel Processors Data Leakage Advisory
- HPE Vulnerability Homepage
- Mitre CVE-2020-0548
- Mitre CVE-2020-0549
- HPE Security Bulletin hpesbhf03985
- HPE Support Center
Disclaimer: One or more of the links above will take you outside the HPE website. HPE is not responsible for content outside of its domain.
|
Usage Instructions and Definitions for CVE Vulnerability Information |
|
|
Data |
Definition |
|
Product Category |
High-level product description. |
|
Product Sub-Category |
Medium-level product description. |
|
Product Name |
Detailed product description. |
|
|
|
|
(Impacted) |
Indicates whether the specific product is affected by the cited vulnerability. |
|
|
|
|
If Impacted - Mitigation or |
Information regarding how to address a vulnerability. |
|
Under Investigation |
|
|
Link(s) to security bulletin (Vendor) |
Link to Vendor's Security Bulletin. |
Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.
|
Sub
Category |
Product
Name |
Impacted
(Y/N/Under Investigation) |
Mitigation
and Notes |
Customer
Bulletin |
Security
Bulletin |
|
|
Servers |
Cloudline |
CL2100
Gen10 |
Yes |
Resolved in System ROM version 1.18.0.2 |
|
|
|
Servers |
Cloudline |
CL2200
Gen10 |
Yes |
Resolved in System ROM version 1.18.0.2 |
|
|
|
Servers |
Cloudline |
CL2600
Gen10 |
Yes |
Resolved in System ROM version 2.4.0 |
|
|
|
Servers |
Cloudline |
CL2800
Gen10 |
Yes |
Resolved in System ROM version 2.4.0 |
| |
|
Servers |
Cloudline |
CL3100
Gen10 |
Yes |
Resolved in System ROM version 1.10.0.0 |
|
|
|
Servers |
Cloudline |
CL4100
Gen10 |
Yes |
Resolved in System ROM version 1.10.0.0 |
| |
|
Servers |
Cloudline |
CL5800
Gen10 |
Yes |
Resolved in System ROM version 1.10.0.0 |
|
|
|
Servers |
Superdome |
Superdome
Flex Server |
Yes |
Resolved in firmware version 3.25.46 |
| |
|
Servers |
ProLiant |
DL360
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
DL380
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
DL160
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
DL180
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
ML350
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
ML110
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
BL460c
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
SY480
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
SY660
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
DL560
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
DL580
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
ML110
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
DL120
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
XL230k
Gen10 (Apollo 6000) |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
XL420
Gen10 (Apollo 4200) |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
XL450
Gen10 (Apollo 4500) |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
XL170/190
Gen10 (Apollo 2000) |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
XL270d
Gen10 (Apollo 6500) |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
ML30
Gen9 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
DL20
Gen9 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
M710x |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
ML30
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
|
Servers |
ProLiant |
DL20
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
|
Servers |
ProLiant |
M750 Server Blade |
Yes |
Prior to ROM v1.30 - 2020.05.0(11 Jun 2020) Firmware and Software |
| |
|
Servers |
ProLiant |
ML10
Gen9 |
No |
Not
Impacted |
|
|
|
Servers |
ProLiant |
MicroServer Gen10 |
No |
Not
Impacted |
| |
|
Servers |
ProLiant |
MicroServer Gen10 Plus |
No |
Not
Impacted |
|
|
|
Servers |
Edgeline |
E910
EdgeLine |
Yes |
Prior to ROM v1.62 - 2020.06.0(15 Jun 2020) Firmware and Software |
| |
|
Storage |
SimpliVity |
HPE
SimpliVity 380 Gen10 Nodes |
Yes |
Resolved in System ROM version 2.30 and included in the 4.0.1 release |
|
|
|
Storage |
Storage |
HPE
SimpliVity 2600 Gen10 Nodes |
Yes |
Resolved in System ROM version 2.30 and included in the 4.0.1 release |
| |
|
Storage |
Storage |
HPE
Primera 600 Storage |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
|
|
|
Storage |
StoreOnce |
HPE
StoreOnce 3620 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
| |
|
Storage |
StoreOnce |
HPE
StoreOnce 3640 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
|
|
|
Storage |
StoreOnce |
HPE
StoreOnce 5200 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
| |
|
Storage |
StoreOnce |
HPE
StoreOnce 5250 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
|
|
|
Storage |
StoreOnce |
HPE
StoreOnce 5650 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
| |
|
Servers |
Synergy |
HPE OneView |
No |
Not
Vulnerable |
|
|
|
Servers |
Synergy |
HPE Synergy Composer |
No |
Not
Vulnerable |
| |
|
Servers |
Synergy |
HPE OneView Global Dashboard |
No |
Not
Vulnerable |
|
|
|
Servers |
Synergy |
HPE Image Streamer |
No |
Not
Vulnerable |
| |
|
Servers |
Servers |
HPE iLO |
|
|
|
|
|
Storage |
MSA |
MSA 1040 |
No |
|
|
|
|
Storage |
MSA |
MSA 2040 |
No |
|
|
|
|
Storage |
MSA |
MSA 2042 |
No |
|
| |
|
Storage |
MSA |
MSA 1050 |
No |
|
|
|
|
Storage |
MSA |
MSA 2050 |
No |
|
| |
|
Storage |
MSA |
MSA 2052 |
No |
|
|
|
|
Storage |
MSA |
MSA P2000 G3 |
No |
|
| |
|
Storage |
3PAR |
HPE 3PAR Physical Service Processor |
Yes |
Service Processors based on HPE ProLiant DL360 Gen10, update to System ROM version 2.30. Other platforms are not Impacted. |
|