FKIE_CVE-2021-26587

Vulnerability from fkie_nvd - Published: 2021-09-27 15:15 - Updated: 2024-11-21 05:56
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Summary
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
References
security-alert@hpe.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04176en_usVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04176en_usVendor Advisory
Impacted products
Vendor Product Version
hpe storeonce_5200_firmware *
hpe storeonce_5200 -
hpe storeonce_5650_firmware *
hpe storeonce_5650 -
hpe storeonce_5250_firmware *
hpe storeonce_5250 -
hpe storeonce_3640_firmware *
hpe storeonce_3640 -
hpe storeonce_3620_firmware *
hpe storeonce_3620 -
hpe storeonce_vsa_4tb_firmware *
hpe storeonce_vsa_4tb -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:storeonce_5200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AB0828-FF53-4733-BE40-5EF0EBCE5D90",
              "versionEndIncluding": "4.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:storeonce_5200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "279A8D38-05FA-452D-AAC4-BA58FD5DD04C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:storeonce_5650_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ED84E-7274-4FFC-A57A-C8CAA91FB5D9",
              "versionEndIncluding": "4.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:storeonce_5650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EDCC6E4-0E66-4263-A610-D17ACC072A1F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:storeonce_5250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53741142-DFCA-42DB-A666-6784FB659DBA",
              "versionEndIncluding": "4.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:storeonce_5250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "398942BB-98D1-4CBD-9A65-A05F979806EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:storeonce_3640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEAA609A-AD41-4097-8112-990AEB5B5565",
              "versionEndIncluding": "4.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:storeonce_3640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "963FF36A-EB2F-4828-BCAC-9E22F8F4F838",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:storeonce_3620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1F673C7-3DA8-4F12-ACAE-2CDB09086B60",
              "versionEndIncluding": "4.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:storeonce_3620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80CE5CAD-48C5-4FAE-B3DD-DF96BFB516B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hpe:storeonce_vsa_4tb_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B31C2D-8038-414D-88A0-95965AF6D90A",
              "versionEndIncluding": "4.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hpe:storeonce_vsa_4tb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F7C0CF6-31B7-4D24-93D7-3E4EEB5281A9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una posible vulnerabilidad de seguridad de tipo Cross Site Scripting basada en DOM en HPE StoreOnce. La vulnerabilidad podr\u00eda ser explotada remotamente para causar una elevaci\u00f3n de privilegios que conlleva a un impacto parcial en la confidencialidad, la disponibilidad y la integridad. HPE ha realizado la siguiente actualizaci\u00f3n de software - HPE StoreOnce versi\u00f3n 4.3.0, para resolver la vulnerabilidad en HPE StoreOnce"
    }
  ],
  "id": "CVE-2021-26587",
  "lastModified": "2024-11-21T05:56:32.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 3.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-27T15:15:07.513",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04176en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst04176en_us"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.