CVE-2021-46846

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-46846
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:apollo_r2000_chassis:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:integrated_lights-out_5:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_microserver_gen10:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
History

07 Nov 2023, 03:40

Type Values Removed Values Added
Summary Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.

13 Dec 2022, 19:52

Type Values Removed Values Added
References (MISC) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us - (MISC) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us - Vendor Advisory
CWE CWE-79
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
CPE cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1860_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl450_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dx385_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1660_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1460_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1660_expanded_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl120_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:3par_service_processor:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_microserver_gen10:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl325_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:apollo_r2000_chassis:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:integrated_lights-out_5:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storage_file_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:apollo_2000_gen10_plus_system:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:storeeasy_1560_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*
First Time Hpe proliant Xl450 Gen10 Server
Hpe proliant Xl675d Gen10 Plus Server
Hpe apollo 2000 Gen10 Plus System
Hpe proliant Ml110 Gen10 Server
Hpe proliant Microserver Gen10 Plus
Hpe proliant Xl230k Gen10 Server
Hpe proliant Dl160 Gen10 Server
Hpe proliant Dl560 Gen10 Server
Hpe proliant Dl385 Gen10 Plus Server
Hpe storeeasy 1560 Storage
Hpe proliant Dl360 Gen10 Server
Hpe proliant Xl645d Gen10 Plus Server
Hpe proliant Xl170r Gen10 Server
Hpe proliant Dl385 Gen10 Server
Hpe proliant Xl190r Gen10 Server
Hpe storage File Controller
Hp apollo R2000 Chassis
Hpe proliant Xl270d Gen10 Server
Hpe storeeasy 1660 Storage
Hp
Hpe proliant Xl220n Gen10 Plus Server
Hpe proliant Ml350 Gen10 Server
Hpe proliant E910 Server Blade
Hpe proliant Dl380 Gen10 Server
Hpe proliant Bl460c Gen10 Server Blade
Hpe proliant Dl580 Gen10 Server
Hpe proliant Dl325 Gen10 Server
Hpe proliant M750 Server Blade
Hpe apollo 4510 Gen10 System
Hpe
Hpe proliant Xl290n Gen10 Plus Server
Hp 3par Service Processor
Hpe proliant Microserver Gen10
Hpe storeeasy 1660 Expanded Storage
Hpe proliant Dl120 Gen10 Server
Hpe integrated Lights-out 5
Hpe proliant E910t Server Blade
Hpe storeeasy 1860 Storage
Hpe proliant Dl325 Gen10 Plus Server
Hpe apollo 4200 Gen10 Server
Hpe proliant Dl180 Gen10 Server
Hpe proliant Dl20 Gen10 Server
Hp integrated Lights-out 5 Firmware
Hpe proliant Dx385 Gen10 Plus Server
Hpe storeeasy 1460 Storage
Hpe apollo 6500 Gen10 Plus System
Hpe proliant Ml30 Gen10 Server

12 Dec 2022, 13:17

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-12 13:15

Updated : 2023-12-10 14:48

NVD link : CVE-2021-46846

Mitre link : CVE-2021-46846

CVE.ORG link : CVE-2021-46846

JSON object : View

Products Affected

hpe

  • proliant_xl170r_gen10_server
  • proliant_ml350_gen10_server
  • proliant_dl360_gen10_server
  • apollo_4510_gen10_system
  • storeeasy_1860_storage
  • proliant_dl120_gen10_server
  • proliant_dl385_gen10_plus_server
  • proliant_dl20_gen10_server
  • proliant_dl325_gen10_plus_server
  • proliant_xl645d_gen10_plus_server
  • proliant_e910t_server_blade
  • proliant_xl675d_gen10_plus_server
  • proliant_xl290n_gen10_plus_server
  • proliant_xl190r_gen10_server
  • proliant_dx385_gen10_plus_server
  • proliant_dl560_gen10_server
  • storeeasy_1660_expanded_storage
  • storeeasy_1460_storage
  • proliant_xl220n_gen10_plus_server
  • storeeasy_1660_storage
  • apollo_2000_gen10_plus_system
  • proliant_dl380_gen10_server
  • proliant_dl580_gen10_server
  • proliant_bl460c_gen10_server_blade
  • proliant_dl325_gen10_server
  • proliant_microserver_gen10_plus
  • proliant_ml110_gen10_server
  • proliant_e910_server_blade
  • proliant_m750_server_blade
  • apollo_4200_gen10_server
  • proliant_dl160_gen10_server
  • proliant_dl385_gen10_server
  • integrated_lights-out_5
  • storeeasy_1560_storage
  • proliant_dl180_gen10_server
  • proliant_ml30_gen10_server
  • proliant_xl270d_gen10_server
  • proliant_xl450_gen10_server
  • apollo_6500_gen10_plus_system
  • storage_file_controller
  • proliant_microserver_gen10
  • proliant_xl230k_gen10_server

hp

  • 3par_service_processor
  • integrated_lights-out_5_firmware
  • apollo_r2000_chassis
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')