CVE-2021-26587: XSS
First published: Mon Sep 27 2021(Updated: )
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hpe Storeonce 5200 Firmware | <=4.2.3 | |
| Hpe Storeonce 5200 | ||
| Hpe Storeonce 5650 Firmware | <=4.2.3 | |
| Hpe Storeonce 5650 | ||
| Hpe Storeonce 5250 Firmware | <=4.2.3 | |
| Hpe Storeonce 5250 | ||
| Hpe Storeonce 3640 Firmware | <=4.2.3 | |
| Hpe Storeonce 3640 | ||
| Hpe Storeonce 3620 Firmware | <=4.2.3 | |
| Hpe Storeonce 3620 | ||
| Hpe Storeonce Vsa 4tb Firmware | <=4.2.3 | |
| Hpe Storeonce Vsa 4tb |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-26587?
CVE-2021-26587 is a potential DOM-based Cross Site Scripting security vulnerability in HPE StoreOnce.
How can the vulnerability be exploited?
The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity.
Which software versions are affected by CVE-2021-26587?
Hpe Storeonce 5200 Firmware version up to and including 4.2.3, Hpe Storeonce 5650 Firmware version up to and including 4.2.3, Hpe Storeonce 5250 Firmware version up to and including 4.2.3, Hpe Storeonce 3640 Firmware version up to and including 4.2.3, Hpe Storeonce 3620 Firmware version up to and including 4.2.3, Hpe Storeonce Vsa 4tb Firmware version up to and including 4.2.3.
What is the severity rating of CVE-2021-26587?
The severity rating of CVE-2021-26587 is medium, with a severity value of 6.5.
How can I fix CVE-2021-26587?
To fix CVE-2021-26587, users should apply the recommended software updates provided by HPE.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hpe
- canonical/hpe storeonce 5200 firmware
- version/hpe storeonce 5200 firmware/4.2.3
- canonical/hpe storeonce 5200
- canonical/hpe storeonce 5650 firmware
- version/hpe storeonce 5650 firmware/4.2.3
- canonical/hpe storeonce 5650
- canonical/hpe storeonce 5250 firmware
- version/hpe storeonce 5250 firmware/4.2.3
- canonical/hpe storeonce 5250
- canonical/hpe storeonce 3640 firmware
- version/hpe storeonce 3640 firmware/4.2.3
- canonical/hpe storeonce 3640
- canonical/hpe storeonce 3620 firmware
- version/hpe storeonce 3620 firmware/4.2.3
- canonical/hpe storeonce 3620
- canonical/hpe storeonce vsa 4tb firmware
- version/hpe storeonce vsa 4tb firmware/4.2.3
- canonical/hpe storeonce vsa 4tb