Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26589

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.

Published

2021-10-19T15:15:07.533

Last Modified

2024-11-21T05:56:32.500

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hpe	superdome_flex_firmware	< 3.40.106	Yes
Hardware	hpe	superdome_flex	-	No
Operating System	hpe	superdome_flex_280_firmware	< 3.40.106	Yes
Hardware	hpe	superdome_flex_280	-	No

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04199en_us Vendor Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04199en_us Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)