Cross-Site Scripting Vulnerability in HPE IceWall SSO Domain Gateway
CVE-2021-26582

6.1MEDIUM

Key Information:

Vendor: HP
Status: Icewall Sso Dgfw
Vendor: CVE Published:; 15 April 2021

Summary

A security vulnerability has been identified in the HPE IceWall SSO Domain Gateway that may allow attackers to perform cross-site scripting (XSS) attacks. This flaw impacts multiple versions of the product across various operating systems, enabling remote exploitation. An attacker could potentially inject malicious scripts into web pages viewed by users, posing a risk to data integrity and user confidentiality. Organizations using this software should prioritize patching to mitigate potential security threats.

Affected Version(s)

IceWall SSO Dgfw IceWall SSO Dgfw 10.0 (RHEL, HP-UX, Windows) and IceWall SSO Dgfw 11.0 (Windows)

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2021
Vulnerability Reserved
Feb 2, 2021