PT-2020-15778 · Hewlett Packard · Hpe Kvm Ip Console Switches

Published

2020-10-02

Updated

2020-10-14

CVE-2020-24627

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3

Description A remote stored XSS issue was discovered. This allows for malicious scripts to be stored on the server and executed when other users access the affected page.

Recommendations For HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3, update to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface of the console switch to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-24627

Affected Products

Hpe Kvm Ip Console Switches

PT-2020-15778 · Hewlett Packard · Hpe Kvm Ip Console Switches

CVE-2020-24627

Weakness Enumeration

Related Identifiers

Affected Products

References · 4