CVE-2022-37939
https://notcve.org/view.php?id=CVE-2022-37939
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04453en_us •
CVE-2022-37933
https://notcve.org/view.php?id=CVE-2022-37933
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware 3.60.50 and below and Superdome Flex 280 servers firmware 1.40.60 and below. Se ha identificado una posible vulnerabilidad de seguridad en los servidores HPE Superdome Flex y Superdome Flex 280. La vulnerabilidad podría explotarse para permitir la inyección local de datos no autorizados. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04400en_us • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-23702
https://notcve.org/view.php?id=CVE-2022-23702
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE Superdome Flex Server Version 3.50.58 or later, HPE Superdome Flex 280 Server Version 1.20.204 or later. Se ha identificado una posible vulnerabilidad de seguridad en los servidores HPE Superdome Flex y Superdome Flex 280. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04266en_us •
CVE-2021-26589
https://notcve.org/view.php?id=CVE-2021-26589
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers. Se ha identificado una posible vulnerabilidad de seguridad en los servidores HPE Superdome Flex. La vulnerabilidad podría ser explotada remotamente para permitir un ataque de tipo Cross Site Scripting (XSS) porque la Cookie de Sesión carece de un Atributo HttpOnly. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04199en_us • CWE-732: Incorrect Permission Assignment for Critical Resource •