CVE-2021-26582 - OpenCVE

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hp-ux Icewall Sso Dgfw
Microsoft	Windows
Redhat	Enterprise Linux

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:hp:icewall_sso_dgfw:10.0:::::::*
	cpe:2.3:a:hp:icewall_sso_dgfw:11.0:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

cpe:2.3:a:hp:icewall_sso_dgfw:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:hp-ux:11i:v3.0:*:*:*:*:*:*

cpe:2.3:a:hp:icewall_sso_dgfw:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2021-04-15T17:50:41

Updated: 2024-08-03T20:26:25.525Z

Reserved: 2021-02-02T00:00:00

Link: CVE-2021-26582

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-15T18:15:12.387

Modified: 2021-04-22T15:06:17.313

Link: CVE-2021-26582

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "IceWall SSO Dgfw", "vendor": "n/a", "versions": [{"status": "affected", "version": "IceWall SSO Dgfw 10.0 (RHEL, HP-UX, Windows) and IceWall SSO Dgfw 11.0 (Windows)"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS)."}], "problemTypes": [{"descriptions": [{"description": "remote cross-site scripting (xss)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-15T17:50:41", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-26582", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IceWall SSO Dgfw", "version": {"version_data": [{"version_value": "IceWall SSO Dgfw 10.0 (RHEL, HP-UX, Windows) and IceWall SSO Dgfw 11.0 (Windows)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote cross-site scripting (xss)"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us", "refsource": "MISC", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:26:25.525Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-26582", "datePublished": "2021-04-15T17:50:41", "dateReserved": "2021-02-02T00:00:00", "dateUpdated": "2024-08-03T20:26:25.525Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:hp:icewall_sso_dgfw:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5EC26F5-25FB-4172-9D76-E599035A4E76", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:icewall_sso_dgfw:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "47B7FD22-3329-4363-B6F8-69EE1B5ED252", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:hp:icewall_sso_dgfw:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5EC26F5-25FB-4172-9D76-E599035A4E76", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:11i:v3.0:*:*:*:*:*:*", "matchCriteriaId": "BCADC579-2933-40CC-B01B-A08FBA48F75E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:hp:icewall_sso_dgfw:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5EC26F5-25FB-4172-9D76-E599035A4E76", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS)."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad en el m\u00f3dulo HPE IceWall SSO Domain Gateway Option (Dgfw) versi\u00f3n 10.0 en RHEL 5/6/7, versi\u00f3n 10.0 en HP-UX 11i versi\u00f3n v3, versi\u00f3n 10.0 en Windows y 11.0 en Windows, podr\u00eda ser explotado remotamente para permitir ataques de tipo cross-site scripting (XSS)"}], "id": "CVE-2021-26582", "lastModified": "2021-04-22T15:06:17.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-15T18:15:12.387", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}