CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-26587
https://notcve.org/view.php?id=CVE-2021-26587
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce. Se ha identificado una posible vulnerabilidad de seguridad de tipo Cross Site Scripting basada en DOM en HPE StoreOnce. La vulnerabilidad podría ser explotada remotamente para causar una elevación de privilegios que conlleva a un impacto parcial en la confidencialidad, la disponibilidad y la integridad. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04176en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33895
https://notcve.org/view.php?id=CVE-2021-33895
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version isT0954V04^AAO. • https://etinet.com/products/backbox-virtual-tape-controller https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04172en_us • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26585
https://notcve.org/view.php?id=CVE-2021-26585
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32. Una vulnerabilidad potencial ha sido identificada en HPE OneView Global Dashboard versión 2.31, que podría conllevar a una divulgación de información local privilegiada. HPE ha proporcionado una actualización de OneView Global Dashboard. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04162en_us •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26581
https://notcve.org/view.php?id=CVE-2021-26581
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04102en_us •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26580
https://notcve.org/view.php?id=CVE-2021-26580
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.95 or later. Se ha identificado una posible vulnerabilidad de seguridad en HPE iLO Amplifier Pack. La vulnerabilidad podría ser explotada remotamente para permitir el Cross-Site Scripting (XSS). • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04107en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •