Remote DOM XSS and CRLF Injection Vulnerability in HPE iLO and SimpliVity Products
CVE-2021-29209
Key Information:
- Vendor
HP
- Vendor
- CVE Published:
- 25 May 2021
What is CVE-2021-29209?
A remote DOM XSS and CRLF injection vulnerability has been identified in HPE Integrated Lights-Out (iLO) 4 and 5, as well as HPE SimpliVity products. This weakness can allow an attacker to inject malicious scripts or manipulate response headers, potentially compromising the security of systems running affected versions prior to 2.78. Users are advised to update to the latest versions to mitigate the risks associated with these vulnerabilities. For detailed information and remedial measures, refer to HPE's official support documentation.
Affected Version(s)
HPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers Prior to HPE Integrated Lights-Out 4 (iLO 4) version 2.78
HPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers Prior to HPE Integrated Lights-Out 5 (iLO 5) version 2.44
HPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers = unspecified