Vulnerability Description
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hpe | Superdome Flex Firmware | < 3.40.106 |
| Hpe | Superdome Flex | - |
| Hpe | Superdome Flex 280 Firmware | < 3.40.106 |
| Hpe | Superdome Flex 280 | - |
Related Weaknesses (CWE)
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeVendor Advisory
FAQ
What is CVE-2021-26589?
CVE-2021-26589 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is mi...
How severe is CVE-2021-26589?
CVE-2021-26589 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26589?
Check the references section above for vendor advisories and patch information. Affected products include: Hpe Superdome Flex Firmware, Hpe Superdome Flex, Hpe Superdome Flex 280 Firmware, Hpe Superdome Flex 280.