CVE-2021-26589

Summary

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.

Affected Software

VendorProductVersion RangeStatus
n/aHPE Superdome Flex ServerPrior to Version 3.40.106affected

Weaknesses

  • remote cross-site scripting (xss)

ADP Enrichment

CVE Program Container

Additional References

References