CVE-2021-29214

2021-12-1016:41:37

hpe

www.cve.org

hpe storeserv

management console

security vulnerability

privilege elevation

ssmc

code injection

cve-2021-29214

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.

CNA Affected

[
  {
    "product": "HPE StoreServ Management Console (SSMC); HPE 3PAR StoreServ Management and Core Software Media",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.4 GA to 3.8.1"
      }
    ]
  }
]

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04207en_us