CVE-2021-26589

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hpe:superdome_flex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hpe:superdome_flex:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hpe:superdome_flex_280_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hpe:superdome_flex_280:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type Values Removed Values Added
References () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04199en_us - Vendor Advisory () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04199en_us - Vendor Advisory

Information

Published : 2021-10-19 15:15

Updated : 2024-11-21 05:56


NVD link : CVE-2021-26589

Mitre link : CVE-2021-26589

CVE.ORG link : CVE-2021-26589


JSON object : View

Products Affected

hpe

  • superdome_flex_280_firmware
  • superdome_flex_280
  • superdome_flex_firmware
  • superdome_flex
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource