CVE-2021-29205

2021-05-2513:37:43

hpe

www.cve.org

xss vulnerability

hpe integrated lights-out

simplivity

gen9

gen10 servers

version 2.78

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

CNA Affected

[
  {
    "product": "HPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to HPE Integrated Lights-Out 4 (iLO 4) version 2.78"
      },
      {
        "status": "affected",
        "version": "Prior to HPE Integrated Lights-Out 5 (iLO 5) version 2.44"
      },
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04134en_us