A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
References
| Link | Resource |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1278/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
03 Dec 2021, 21:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1278/ - Third Party Advisory, VDB Entry |
05 Nov 2021, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
02 Nov 2021, 18:06
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-22 | |
| References | (MISC) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
| CPE | cpe:2.3:a:hp:ilo_amplifier_pack:1.80:*:*:*:*:*:*:* cpe:2.3:a:hp:ilo_amplifier_pack:1.81:*:*:*:*:*:*:* cpe:2.3:a:hp:ilo_amplifier_pack:1.95:*:*:*:*:*:*:* cpe:2.3:a:hp:ilo_amplifier_pack:1.90:*:*:*:*:*:*:* |
01 Nov 2021, 14:44
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-11-01 14:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-29212
Mitre link : CVE-2021-29212
CVE.ORG link : CVE-2021-29212
JSON object : View
Products Affected
hp
- ilo_amplifier_pack
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')