6.7
CVE-2021-29218
- EPSS 0.07%
- Published 04.02.2022 23:15:11
- Last modified 21.11.2024 06:00:50
- Source security-alert@hpe.com
- Teams watchlist Login
- Open Login
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.
Data is provided by the National Vulnerability Database (NVD)
Hpe ≫ Agentless Management Version < 1.44.0.0
Hpe ≫ Proliant Agentless Management Version < 10.96.0.0
Hpe ≫ Apollo 20 Version-
Hpe ≫ Apollo 2000 Gen 10 Plus Version-
Hpe ≫ Apollo 6500 Version-
Hpe ≫ Apollo 6500 Gen10 Plus Version-
Hpe ≫ Apollo 80 Version-
Hpe ≫ Proliant Dl Version-
Hpe ≫ Proliant Ml Version-
Hpe ≫ Synergy 480 Gen9 Version-
Hpe ≫ Synergy 620 Gen9 Version-
Hpe ≫ Synergy 660 Gen9 Version-
Hpe ≫ Synergy 680 Gen9 Version-
Hpe ≫ Apollo 2000 Gen 10 Plus Version-
Hpe ≫ Apollo 6500 Version-
Hpe ≫ Apollo 6500 Gen10 Plus Version-
Hpe ≫ Apollo 80 Version-
Hpe ≫ Proliant Dl Version-
Hpe ≫ Proliant Ml Version-
Hpe ≫ Synergy 480 Gen9 Version-
Hpe ≫ Synergy 620 Gen9 Version-
Hpe ≫ Synergy 660 Gen9 Version-
Hpe ≫ Synergy 680 Gen9 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.171 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-428 Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.