PT-2021-18129 · Hewlett Packard · Hpe Integrated Lights-Out 4+6

Published: 2021-05-18 · Updated: 2022-04-25 · CVE-2021-29210

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.78
HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers versions prior to 2.78
HPE SimpliVity 380 Gen9 versions prior to 2.78
HPE SimpliVity 380 Gen10 versions prior to 2.78
HPE SimpliVity 2600 versions prior to 2.78
HPE SimpliVity 380 Gen10 G versions prior to 2.78
HPE SimpliVity 325 versions prior to 2.78
HPE SimpliVity 380 Gen10 H versions prior to 2.78

Description: A remote DOM XSS and CRLF injection issue was discovered. This issue may allow for malicious activities, but specific details about the estimated number of potentially affected devices or real-world incidents are not provided.

Recommendations:
For HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.78, update to version 2.78 or later.
For HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen9 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 2600 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 G versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 325 versions prior to 2.78, update to version 2.78 or later.
For HPE SimpliVity 380 Gen10 H versions prior to 2.78, update to version 2.78 or later.

Fix

Special Elements Injection

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-29210

Affected Products

Hpe Integrated Lights-Out 4
Hpe Integrated Lights-Out 5
Hpe Simplivity 2600
Hpe Simplivity 325
Hpe Simplivity 380 Gen10 H
Hpe Simplivity 380 Gen9
Hpe Ilo