Vulnerability Description
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hpe | Storeonce 5200 Firmware | <= 4.2.3 |
| Hpe | Storeonce 5200 | - |
| Hpe | Storeonce 5650 Firmware | <= 4.2.3 |
| Hpe | Storeonce 5650 | - |
| Hpe | Storeonce 5250 Firmware | <= 4.2.3 |
| Hpe | Storeonce 5250 | - |
| Hpe | Storeonce 3640 Firmware | <= 4.2.3 |
| Hpe | Storeonce 3640 | - |
| Hpe | Storeonce 3620 Firmware | <= 4.2.3 |
| Hpe | Storeonce 3620 | - |
| Hpe | Storeonce Vsa 4Tb Firmware | <= 4.2.3 |
| Hpe | Storeonce Vsa 4Tb | - |
Related Weaknesses (CWE)
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2021-26587?
CVE-2021-26587 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to part...
How severe is CVE-2021-26587?
CVE-2021-26587 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26587?
Check the references section above for vendor advisories and patch information. Affected products include: Hpe Storeonce 5200 Firmware, Hpe Storeonce 5200, Hpe Storeonce 5650 Firmware, Hpe Storeonce 5650, Hpe Storeonce 5250 Firmware.