CVE-2021-26589

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hpe:superdome_flex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hpe:superdome_flex:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hpe:superdome_flex_280_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hpe:superdome_flex_280:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-10-19 15:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-26589

Mitre link : CVE-2021-26589

CVE.ORG link : CVE-2021-26589


JSON object : View

Products Affected

hpe

  • superdome_flex
  • superdome_flex_firmware
  • superdome_flex_280_firmware
  • superdome_flex_280
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource