CVE-2021-25129

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
cpe:2.3:o:hpe:cloudline_cl3100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl3100_gen10_server:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
cpe:2.3:o:hpe:cloudline_cl4100_gen10_server_firmware:1.10.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl4100_gen10_server:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hpe:cloudline_cl5200_gen9_server_firmware:1.07.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl5200_gen9_server:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hpe:cloudline_cl5800_gen10_server_firmware:1.08.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl5800_gen10_server:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hpe:cloudline_cl5800_gen9_server_firmware:1.09.0.0:*:*:*:*:*:*:*
cpe:2.3:h:hpe:cloudline_cl5800_gen9_server:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-01-29 19:15

Updated : 2024-02-28 18:08


NVD link : CVE-2021-25129

Mitre link : CVE-2021-25129

CVE.ORG link : CVE-2021-25129


JSON object : View

Products Affected

hpe

  • cloudline_cl3100_gen10_server_firmware
  • cloudline_cl4100_gen10_server
  • cloudline_cl3100_gen10_server
  • cloudline_cl5800_gen10_server
  • cloudline_cl4100_gen10_server_firmware
  • cloudline_cl5200_gen9_server
  • cloudline_cl5800_gen9_server
  • cloudline_cl5200_gen9_server_firmware
  • cloudline_cl5800_gen9_server_firmware
  • cloudline_cl5800_gen10_server_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')