CVE-2021-29218

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:hpe:agentless_management:*:*:*:*:*:*:*:*

Версия до 1.44.0.0 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*

Конфигурация 2

Одновременно

cpe:2.3:a:hpe:proliant_agentless_management:*:*:*:*:*:*:*:*

Версия до 10.96.0.0 (исключая)

Одно из

cpe:2.3:h:hpe:apollo_20:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:apollo_2000_gen_10_plus:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:apollo_6500:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:apollo_6500_gen10_plus:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:apollo_80:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:proliant_dl:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:proliant_ml:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:synergy_480_gen9:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:synergy_620_gen9:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:synergy_660_gen9:-:*:*:*:*:*:*:*

cpe:2.3:h:hpe:synergy_680_gen9:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00065

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-428

Связанные уязвимости

GHSA-p267-5w4m-pprh

github

почти 4 года назад