← Back

CVE-2021-29218

nvd nist
Published: Feb 4, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.

Affected (2)

Hpe
2 products
Agentless Management
Proliant Agentless Management
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Agentless Management
Before 1.44.0.0
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
1 vulnerable · 11 platform
Vulnerable SoftwareAffected Versions
Proliant Agentless Management
Before 10.96.0.0
Running on/withPlatform Versions
Hpe
Apollo 20
All versions
Hpe
Apollo 2000 Gen 10 Plus
All versions
Hpe
Apollo 6500
All versions
Hpe
Apollo 6500 Gen10 Plus
All versions
Hpe
Apollo 80
All versions
Hpe
Proliant Dl
All versions
Hpe
Proliant Ml
All versions
Hpe
Synergy 480 Gen9
All versions
Hpe
Synergy 620 Gen9
All versions
Hpe
Synergy 660 Gen9
All versions
Hpe
Synergy 680 Gen9
All versions

Related CWEs

CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.