Cross Site Scripting Vulnerability in HPE Superdome Flex Servers
CVE-2021-26589
6.1 MEDIUM
Summary
A security vulnerability in HPE Superdome Flex Servers has been identified that could be exploited remotely through Cross Site Scripting (XSS). The root cause is that the session cookie lacks the HttpOnly attribute, so the cookie is readable by script running in the page, which potentially exposes sensitive data to attackers. HPE has issued a firmware update to address and mitigate this issue, improving the overall security posture of the affected servers.
Affected Version(s)
HPE Superdome Flex Server: versions prior to 3.40.106
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved