Описание
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.
Уязвимые конфигурации
Конфигурация 1Версия до 3.40.106 (исключая)
Одновременно
cpe:2.3:o:hpe:superdome_flex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hpe:superdome_flex:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.40.106 (исключая)
Одновременно
cpe:2.3:o:hpe:superdome_flex_280_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hpe:superdome_flex_280:-:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00197
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.
EPSS
Процентиль: 42%
0.00197
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-732