CVE-2021-25128: Path Traversal
First published: Fri Jan 29 2021(Updated: )
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hpe Cloudline Cl3100 Gen10 Server Firmware | =1.08.0.0 | |
| Hpe Cloudline Cl3100 Gen10 Server Firmware | =1.10.0.0 | |
| HPE Cloudline CL3100 Gen10 Server | ||
| Hpe Cloudline Cl4100 Gen10 Server Firmware | =1.08.0.0 | |
| Hpe Cloudline Cl4100 Gen10 Server Firmware | =1.10.0.0 | |
| HPE Cloudline CL4100 Gen10 Server | ||
| Hpe Cloudline Cl5200 Gen9 Server Firmware | =1.07.0.0 | |
| HPE Cloudline CL5200 Gen9 Server | ||
| Hpe Cloudline Cl5800 Gen10 Server Firmware | =1.08.0.0 | |
| HPE Cloudline CL5800 Gen10 Server | ||
| Hpe Cloudline Cl5800 Gen9 Server Firmware | =1.09.0.0 | |
| HPE Cloudline CL5800 Gen9 Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-25128.
Which servers are affected by this vulnerability?
HPE Cloudline CL5800 Gen9 Server, HPE Cloudline CL5200 Gen9 Server, HPE Cloudline CL4100 Gen10 Server, HPE Cloudline CL3100 Gen10 Server, HPE Cloudline CL5800 Gen10 Server are affected by this vulnerability.
What is the severity of CVE-2021-25128?
The severity of CVE-2021-25128 is high, with a CVSS score of 7.8.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-22.
How can I fix CVE-2021-25128?
To fix CVE-2021-25128, update the BMC firmware to a version that resolves the vulnerability.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hpe
- canonical/hpe cloudline cl3100 gen10 server firmware
- version/hpe cloudline cl3100 gen10 server firmware/1.08.0.0
- version/hpe cloudline cl3100 gen10 server firmware/1.10.0.0
- canonical/hpe cloudline cl3100 gen10 server
- canonical/hpe cloudline cl4100 gen10 server firmware
- version/hpe cloudline cl4100 gen10 server firmware/1.08.0.0
- version/hpe cloudline cl4100 gen10 server firmware/1.10.0.0
- canonical/hpe cloudline cl4100 gen10 server
- canonical/hpe cloudline cl5200 gen9 server firmware
- version/hpe cloudline cl5200 gen9 server firmware/1.07.0.0
- canonical/hpe cloudline cl5200 gen9 server
- canonical/hpe cloudline cl5800 gen10 server firmware
- version/hpe cloudline cl5800 gen10 server firmware/1.08.0.0
- canonical/hpe cloudline cl5800 gen10 server
- canonical/hpe cloudline cl5800 gen9 server firmware
- version/hpe cloudline cl5800 gen9 server firmware/1.09.0.0
- canonical/hpe cloudline cl5800 gen9 server