CVE-2021-29210

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 25-05-2021 05:15

Last modified: - 25-04-2022 10:11

Total changes: - 3

Description

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

High

Privileges required

Changed

Scope

Required

User interaction

4.8

Base score

1.7

2.7

Exploitability score

Impact score

Verification logic

AND

vendor=hp AND product=integrated_lights-out_4 AND versionEndExcluding=2.78

vendor=hp AND product=simplivity_380_gen9 AND version=-

AND

vendor=hp AND product=integrated_lights-out_5 AND versionEndExcluding=2.44

vendor=hp AND product=proliant_bl460c_gen10_server_blade AND version=-

vendor=hp AND product=proliant_dl120_gen10_server AND version=-

vendor=hp AND product=proliant_dl160_gen10_server AND version=-

vendor=hp AND product=proliant_dl180_gen10_server AND version=-

vendor=hp AND product=proliant_dl20_gen10_server AND version=-

vendor=hp AND product=proliant_dl325_gen10_plus_server AND version=-

vendor=hp AND product=proliant_dl325_gen10_server AND version=-

vendor=hp AND product=proliant_dl360_gen10_server AND version=-

vendor=hp AND product=proliant_dl380_gen10_server AND version=-

vendor=hp AND product=proliant_dl385_gen10_plus_server AND version=-

vendor=hp AND product=proliant_dl385_gen10_server AND version=-

vendor=hp AND product=proliant_dl560_gen10_server AND version=-

vendor=hp AND product=proliant_dl580_gen10_server AND version=-

vendor=hp AND product=proliant_ml110_gen10_server AND version=-

vendor=hp AND product=proliant_ml30_gen10_server AND version=-

vendor=hp AND product=proliant_ml350_gen10_server AND version=-

vendor=hp AND product=proliant_xl170r_gen10_server AND version=-

vendor=hp AND product=proliant_xl190r_gen10_server AND version=-

vendor=hp AND product=proliant_xl230k_gen10_server AND version=-

vendor=hp AND product=proliant_xl270d_gen10_server AND version=-

vendor=hp AND product=proliant_xl450_gen10_server AND version=-

vendor=hp AND product=simplivity_2600 AND version=-

vendor=hp AND product=simplivity_325 AND version=-

vendor=hp AND product=simplivity_380_gen10 AND version=-

vendor=hp AND product=simplivity_380_gen10_g AND version=-

vendor=hp AND product=simplivity_380_gen10_h AND version=-

Reference

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04134en_us

Keywords

CVE-2021-29210

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-29210

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures