CVE-2021-29209: XSS
First published: Tue May 25 2021(Updated: )
A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Integrated Lights-Out 4 Firmware | <2.78 | |
| HP SimpliVity 380 Gen9 Firmware | ||
| HP Integrated Lights-Out 5 firmware | <2.44 | |
| HPE ProLiant BL460c Gen10 Server Blade | ||
| HP ProLiant dl120 Gen10 | ||
| HP ProLiant dl160 Gen10 | ||
| HP ProLiant DL180 Gen10 | ||
| HPE ProLiant DL20 Gen10 Server firmware | ||
| HPE ProLiant DL325 Gen10 Plus Server | ||
| HPE ProLiant DL325 Gen10 Server | ||
| HPE ProLiant DL360 Gen10 Server | ||
| HPE ProLiant DL380 Gen10 Server | ||
| HPE ProLiant DL385 Gen10 Plus Server | ||
| HP ProLiant dl385 Gen10 | ||
| HP ProLiant dl560 Gen10 | ||
| HP ProLiant dl580 Gen10 | ||
| HP ProLiant ML110 Gen10 | ||
| HPE ProLiant ML30 Gen10 Server | ||
| HP ProLiant ML350 Gen10 | ||
| HP ProLiant xl170r Gen10 | ||
| HPE ProLiant XL190r Gen10 Server | ||
| HP ProLiant xl230k Gen10 | ||
| HPE ProLiant XL270d Gen10 Server | ||
| HPE ProLiant XL450 Gen10 Server | ||
| HP SimpliVity 2600 | ||
| HPE SimpliVity 325 Gen10 | ||
| HP SimpliVity 380 Gen10 g | ||
| HPE SimpliVity 380 Gen10 | ||
| HPE SimpliVity 380 Gen10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this HPE Integrated Lights-Out vulnerability?
The vulnerability ID is CVE-2021-29209.
What is the severity of CVE-2021-29209?
The severity of CVE-2021-29209 is medium (4.8).
What software is affected by CVE-2021-29209?
HPE Integrated Lights-Out 4 (iLO 4), HPE SimpliVity 380 Gen9, HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers, HPE SimpliVity 380 Gen10, HPE SimpliVity 2600, HPE SimpliVity 380 Gen10 G, HPE SimpliVity 325, HPE SimpliVity 380 Gen10 H are affected by CVE-2021-29209.
What is the vulnerability type of CVE-2021-29209?
CVE-2021-29209 is a remote DOM XSS and CRLF injection vulnerability.
How can I fix CVE-2021-29209?
To fix CVE-2021-29209, it is recommended to apply the necessary updates provided by HPE. Please refer to the official reference link for more information.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp integrated lights-out 4 firmware
- canonical/hp simplivity 380 gen9 firmware
- canonical/hp integrated lights-out 5 firmware
- canonical/hpe proliant bl460c gen10 server blade
- canonical/hp proliant dl120 gen10
- canonical/hp proliant dl160 gen10
- canonical/hp proliant dl180 gen10
- canonical/hpe proliant dl20 gen10 server firmware
- canonical/hpe proliant dl325 gen10 plus server
- canonical/hpe proliant dl325 gen10 server
- canonical/hpe proliant dl360 gen10 server
- canonical/hpe proliant dl380 gen10 server
- canonical/hpe proliant dl385 gen10 plus server
- canonical/hp proliant dl385 gen10
- canonical/hp proliant dl560 gen10
- canonical/hp proliant dl580 gen10
- canonical/hp proliant ml110 gen10
- canonical/hpe proliant ml30 gen10 server
- canonical/hp proliant ml350 gen10
- canonical/hp proliant xl170r gen10
- canonical/hpe proliant xl190r gen10 server
- canonical/hp proliant xl230k gen10
- canonical/hpe proliant xl270d gen10 server
- canonical/hpe proliant xl450 gen10 server
- canonical/hp simplivity 2600
- canonical/hpe simplivity 325 gen10
- canonical/hp simplivity 380 gen10 g
- canonical/hpe simplivity 380 gen10