CVE-2021-46846

nvd nist

Published: Dec 12, 2022Modified: May 2, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.

Affected (1)

Products: Hp: Integrated Lights Out 5 Firmware

1 product

Integrated Lights Out 5 Firmware

Configuration A

1 vulnerable · 44 platform

Vulnerable Software	Affected Versions
Hp Integrated Lights Out 5 Firmware	Before 2.44

Running on/with	Platform Versions
Hp 3par Service Processor	All versions
Hp Apollo R2000 Chassis	All versions
Hpe Apollo 2000 Gen10 Plus System	All versions
Hpe Apollo 4200 Gen10 Server	All versions
Hpe Apollo 4510 Gen10 System	All versions
Hpe Apollo 6500 Gen10 Plus System	All versions
Hpe Integrated Lights Out 5	All versions
Hpe Proliant Bl460c Gen10 Server Blade	All versions
Hpe Proliant Dl120 Gen10 Server	All versions
Hpe Proliant Dl160 Gen10 Server	All versions
Hpe Proliant Dl180 Gen10 Server	All versions
Hpe Proliant Dl20 Gen10 Server	All versions
Hpe Proliant Dl325 Gen10 Plus Server	All versions
Hpe Proliant Dl325 Gen10 Server	All versions
Hpe Proliant Dl360 Gen10 Server	All versions
Hpe Proliant Dl380 Gen10 Server	All versions
Hpe Proliant Dl385 Gen10 Plus Server	All versions
Hpe Proliant Dl385 Gen10 Server	All versions
Hpe Proliant Dl560 Gen10 Server	All versions
Hpe Proliant Dl580 Gen10 Server	All versions
Hpe Proliant Dx385 Gen10 Plus Server	All versions
Hpe Proliant E910 Server Blade	All versions
Hpe Proliant E910t Server Blade	All versions
Hpe Proliant M750 Server Blade	All versions
Hpe Proliant Microserver Gen10	All versions
Hpe Proliant Microserver Gen10 Plus	All versions
Hpe Proliant Ml110 Gen10 Server	All versions
Hpe Proliant Ml30 Gen10 Server	All versions
Hpe Proliant Ml350 Gen10 Server	All versions
Hpe Proliant Xl170r Gen10 Server	All versions
Hpe Proliant Xl190r Gen10 Server	All versions
Hpe Proliant Xl220n Gen10 Plus Server	All versions
Hpe Proliant Xl230k Gen10 Server	All versions
Hpe Proliant Xl270d Gen10 Server	All versions
Hpe Proliant Xl290n Gen10 Plus Server	All versions
Hpe Proliant Xl450 Gen10 Server	All versions
Hpe Proliant Xl645d Gen10 Plus Server	All versions
Hpe Proliant Xl675d Gen10 Plus Server	All versions
Hpe Storage File Controller	All versions
Hpe Storeeasy 1460 Storage	All versions
Hpe Storeeasy 1560 Storage	All versions
Hpe Storeeasy 1660 Expanded Storage	All versions
Hpe Storeeasy 1660 Storage	All versions
Hpe Storeeasy 1860 Storage	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.