Details of VAR-202104-1582

ID

VAR-202104-1582

CVE

CVE-2021-26581

TITLE

HPE Superdome Flex server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010259

DESCRIPTION

A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later

Trust: 1.71

sources: NVD: CVE-2021-26581 // JVNDB: JVNDB-2021-010259 // VULMON: CVE-2021-26581

AFFECTED PRODUCTS

vendor:	hpe	model:	superdome flex server	scope:	lt	version:	3.30.142	Trust: 1.0
vendor:	日立	model:	日立高信頼サーバ rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	ヒューレットパッカードエンタープライズ	model:	hpe superdome flex server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010259 // NVD: CVE-2021-26581

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26581
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-26581
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-061
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-26581
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-26581
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-26581
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-26581
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-26581 // JVNDB: JVNDB-2021-010259 // CNNVD: CNNVD-202104-061 // NVD: CVE-2021-26581

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010259 // NVD: CVE-2021-26581

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-061

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-061

PATCH

title:	hpesbhf04102en_us Hitachi Server / Client Product Security Information	url:	https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04102en_us	Trust: 0.8
title:	HPE Superdome Flex serve Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146467	Trust: 0.6

sources: JVNDB: JVNDB-2021-010259 // CNNVD: CNNVD-202104-061

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26581	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-010259	Trust: 0.8
db:	CNNVD	id:	CNNVD-202104-061	Trust: 0.6
db:	VULMON	id:	CVE-2021-26581	Trust: 0.1

sources: VULMON: CVE-2021-26581 // JVNDB: JVNDB-2021-010259 // CNNVD: CNNVD-202104-061 // NVD: CVE-2021-26581

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf04102en_us	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26581	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/199289	Trust: 0.1

sources: VULMON: CVE-2021-26581 // JVNDB: JVNDB-2021-010259 // CNNVD: CNNVD-202104-061 // NVD: CVE-2021-26581

SOURCES

db:	VULMON	id:	CVE-2021-26581
db:	JVNDB	id:	JVNDB-2021-010259
db:	CNNVD	id:	CNNVD-202104-061
db:	NVD	id:	CVE-2021-26581

LAST UPDATE DATE

2024-11-23T22:47:39.175000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-26581	date:	2021-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-010259	date:	2022-06-28T07:13:00
db:	CNNVD	id:	CNNVD-202104-061	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-26581	date:	2024-11-21T05:56:31.590

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-26581	date:	2021-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-010259	date:	2022-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-061	date:	2021-04-01T00:00:00
db:	NVD	id:	CVE-2021-26581	date:	2021-04-01T19:15:13.887