CVE-2021-26587
Last modified
CVE-2021-26587 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hpe | Storeonce 5200 Firmware | <= 4.2.3 |
| Hpe | Storeonce 5650 Firmware | <= 4.2.3 |
| Hpe | Storeonce 5250 Firmware | <= 4.2.3 |
| Hpe | Storeonce 3640 Firmware | <= 4.2.3 |
| Hpe | Storeonce 3620 Firmware | <= 4.2.3 |
| Hpe | Storeonce Vsa 4tb Firmware | <= 4.2.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-26587?
How severe is CVE-2021-26587?
How do I fix CVE-2021-26587?
Are you affected by CVE-2021-26587?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST