Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-29209

Опубликовано: 25 мая 2021
Источник: nvd
CVSS3: 4.8
CVSS2: 3.5
EPSS Низкий

Описание

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:hp:integrated_lights-out_4:*:*:*:*:*:*:*:*
Версия до 2.78 (исключая)
cpe:2.3:h:hp:simplivity_380_gen9:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:hp:integrated_lights-out_5:*:*:*:*:*:*:*:*
Версия до 2.44 (исключая)

Одно из

cpe:2.3:h:hp:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:simplivity_2600:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:simplivity_325:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:simplivity_380_gen10:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:simplivity_380_gen10_g:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:simplivity_380_gen10_h:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00268
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-74

Связанные уязвимости

github логотип

GHSA-g893-jc4j-x5c6

CVSS3: 4.8
github
больше 3 лет назад

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

EPSS

Процентиль: 50%
0.00268
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-74