CVE-2021-26589: XSS
First published: Tue Oct 19 2021(Updated: )
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HPE Superdome Flex firmware | <3.40.106 | |
| HPE Superdome Flex | ||
| Hpe Superdome Flex 280 Firmware | <3.40.106 | |
| Hpe Superdome Flex 280 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-26589?
CVE-2021-26589 is a potential security vulnerability that has been identified in HPE Superdome Flex Servers.
How can CVE-2021-26589 be exploited?
CVE-2021-26589 can be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute.
What is the severity of CVE-2021-26589?
CVE-2021-26589 has a severity rating of 6.1, which is considered medium.
How do I fix CVE-2021-26589?
To fix CVE-2021-26589, HPE has provided a firmware update for HPE Superdome Flex Servers.
Where can I find more information about CVE-2021-26589?
You can find more information about CVE-2021-26589 on the HPE support website.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/hpe
- canonical/hpe superdome flex firmware
- canonical/hpe superdome flex
- canonical/hpe superdome flex 280 firmware
- canonical/hpe superdome flex 280