Vulnerability Details : CVE-2021-29214
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1.
Products affected by CVE-2021-29214
- cpe:2.3:a:hp:storeserv_management_console:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-29214
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-29214
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
References for CVE-2021-29214
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04207en_us
Document - HPESBST04207 rev.1 - HPE StoreServ Management Console (SSMC), Authenticated Code Injection Leading to Privilege Elevation | HPE SupportPatch;Vendor Advisory
Jump to