2 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below. Se ha identificado una posible vulnerabilidad de seguridad en los servidores HPE Superdome Flex y Superdome Flex 280. La vulnerabilidad podría explotarse para permitir la inyección local de datos no autorizados. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04400en_us • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers. Se ha identificado una posible vulnerabilidad de seguridad en los servidores HPE Superdome Flex. La vulnerabilidad podría ser explotada remotamente para permitir un ataque de tipo Cross Site Scripting (XSS) porque la Cookie de Sesión carece de un Atributo HttpOnly. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04199en_us • CWE-732: Incorrect Permission Assignment for Critical Resource •