Hewlett Packard Enterprise Product Security Vulnerability Alerts
​CacheOut Vulnerability (CVE-2020-0548 and CVE-2020-0549)
Version 5.0 : Last Updated: July 06, 2020
This website is updated frequently, as new product information becomes available.
On January 27, 2020, Intel disclosed a vulnerability in their CPU processor microcode software which allows for information disclosure. The vulnerability is nicknamed CacheOut by the security researchers who discovered the issues and refers to CVE-2020-0548 and CVE-2020-0549. HPE will provide documentation about product impact and resolutions here.
- Resources
- Intel Processors Data Leakage Advisory
- HPE Vulnerability Homepage
- Mitre CVE-2020-0548
- Mitre CVE-2020-0549
- HPE Security Bulletin hpesbhf03985
- HPE Support Center
Disclaimer: One or more of the links above will take you outside the HPE website. HPE is not responsible for content outside of its domain.
Usage Instructions and Definitions for CVE Vulnerability Information |
|
Data |
Definition |
Product Category |
High-level product description. |
Product Sub-Category |
Medium-level product description. |
Product Name |
Detailed product description. |
|
|
(Impacted) |
Indicates whether the specific product is affected by the cited vulnerability. |
|
|
If Impacted - Mitigation or |
Information regarding how to address a vulnerability. |
Under Investigation |
|
Link(s) to security bulletin (Vendor) |
Link to Vendor's Security Bulletin. |
Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.
Sub
Category |
Product
Name |
Impacted
(Y/N/Under Investigation) |
Mitigation
and Notes |
Customer
Bulletin |
Security
Bulletin |
|
Servers |
Cloudline |
CL2100
Gen10 |
Yes |
Resolved in System ROM version 1.18.0.2 |
|
|
Servers |
Cloudline |
CL2200
Gen10 |
Yes |
Resolved in System ROM version 1.18.0.2 |
|
|
Servers |
Cloudline |
CL2600
Gen10 |
Yes |
Resolved in System ROM version 2.4.0 |
|
|
Servers |
Cloudline |
CL2800
Gen10 |
Yes |
Resolved in System ROM version 2.4.0 |
| |
Servers |
Cloudline |
CL3100
Gen10 |
Yes |
Resolved in System ROM version 1.10.0.0 |
|
|
Servers |
Cloudline |
CL4100
Gen10 |
Yes |
Resolved in System ROM version 1.10.0.0 |
| |
Servers |
Cloudline |
CL5800
Gen10 |
Yes |
Resolved in System ROM version 1.10.0.0 |
|
|
Servers |
Superdome |
Superdome
Flex Server |
Yes |
Resolved in firmware version 3.25.46 |
| |
Servers |
ProLiant |
DL360
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
DL380
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
DL160
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
DL180
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
ML350
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
ML110
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
BL460c
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
SY480
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
SY660
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
DL560
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
DL580
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
ML110
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
DL120
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
XL230k
Gen10 (Apollo 6000) |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
XL420
Gen10 (Apollo 4200) |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
XL450
Gen10 (Apollo 4500) |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
XL170/190
Gen10 (Apollo 2000) |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
XL270d
Gen10 (Apollo 6500) |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
ML30
Gen9 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
DL20
Gen9 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
M710x |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
ML30
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
| |
Servers |
ProLiant |
DL20
Gen10 |
Yes |
Resolved in System ROM version 2.30 |
|
|
Servers |
ProLiant |
M750 Server Blade |
Yes |
Prior to ROM v1.30 - 2020.05.0(11 Jun 2020) Firmware and Software |
| |
Servers |
ProLiant |
ML10
Gen9 |
No |
Not
Impacted |
|
|
Servers |
ProLiant |
MicroServer Gen10 |
No |
Not
Impacted |
| |
Servers |
ProLiant |
MicroServer Gen10 Plus |
No |
Not
Impacted |
|
|
Servers |
Edgeline |
E910
EdgeLine |
Yes |
Prior to ROM v1.62 - 2020.06.0(15 Jun 2020) Firmware and Software |
| |
Storage |
SimpliVity |
HPE
SimpliVity 380 Gen10 Nodes |
Yes |
Resolved in System ROM version 2.30 and included in the 4.0.1 release |
|
|
Storage |
Storage |
HPE
SimpliVity 2600 Gen10 Nodes |
Yes |
Resolved in System ROM version 2.30 and included in the 4.0.1 release |
| |
Storage |
Storage |
HPE
Primera 600 Storage |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
HPE
StoreOnce 3620 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
| |
Storage |
StoreOnce |
HPE
StoreOnce 3640 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
HPE
StoreOnce 5200 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
| |
Storage |
StoreOnce |
HPE
StoreOnce 5250 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
|
|
Storage |
StoreOnce |
HPE
StoreOnce 5650 |
Yes |
Not
Vulnerable - Product does not allow arbitrary code execution. |
| |
Servers |
Synergy |
HPE OneView |
No |
Not
Vulnerable |
|
|
Servers |
Synergy |
HPE Synergy Composer |
No |
Not
Vulnerable |
| |
Servers |
Synergy |
HPE OneView Global Dashboard |
No |
Not
Vulnerable |
|
|
Servers |
Synergy |
HPE Image Streamer |
No |
Not
Vulnerable |
| |
Servers |
Servers |
HPE iLO |
|
|
|
|
Storage |
MSA |
MSA 1040 |
No |
|
|
|
Storage |
MSA |
MSA 2040 |
No |
|
|
|
Storage |
MSA |
MSA 2042 |
No |
|
| |
Storage |
MSA |
MSA 1050 |
No |
|
|
|
Storage |
MSA |
MSA 2050 |
No |
|
| |
Storage |
MSA |
MSA 2052 |
No |
|
|
|
Storage |
MSA |
MSA P2000 G3 |
No |
|
| |
Storage |
3PAR |
HPE 3PAR Physical Service Processor |
Yes |
Service Processors based on HPE ProLiant DL360 Gen10, update to System ROM version 2.30. Other platforms are not Impacted. |
|