CVE-2021-26586 - Vulnerability Details - OpenCVE

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Edgeline Infrastructure Management

Configuration 1 [-]

cpe:2.3:a:hp:edgeline_infrastructure_management:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04180en_us
https://www.tenable.com/security/research/tra-2021-33

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2021-08-05T20:40:10

Updated: 2024-08-03T20:26:25.469Z

Reserved: 2021-02-02T00:00:00

Link: CVE-2021-26586

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-05T21:15:11.780

Modified: 2024-11-21T05:56:32.150

Link: CVE-2021-26586

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HPE Edgeline Infrastructure Management Software", "vendor": "n/a", "versions": [{"status": "affected", "version": "Prior to 1.24"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM)."}], "problemTypes": [{"descriptions": [{"description": "remote disclosure of sensitive information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-09T15:06:19", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04180en_us"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2021-33"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2021-26586", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HPE Edgeline Infrastructure Management Software", "version": {"version_data": [{"version_value": "Prior to 1.24"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote disclosure of sensitive information"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04180en_us", "refsource": "MISC", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04180en_us"}, {"name": "https://www.tenable.com/security/research/tra-2021-33", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-33"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:26:25.469Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04180en_us"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2021-33"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2021-26586", "datePublished": "2021-08-05T20:40:10", "dateReserved": "2021-02-02T00:00:00", "dateUpdated": "2024-08-03T20:26:25.469Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:edgeline_infrastructure_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "80F5C01F-0088-4DDF-BBD7-48C10D0951FF", "versionEndExcluding": "1.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM)."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en HPE Edgeline Infrastructure Manager, tambi\u00e9n se conoce como HPE Edgeline Infrastructure Management Software. La vulnerabilidad podr\u00eda ser explotada remotamente para divulgar informaci\u00f3n confidencial. HPE ha puesto a disposici\u00f3n actualizaciones de software para resolver la vulnerabilidad en HPE Edgeline Infrastructure Manager (EIM)"}], "id": "CVE-2021-26586", "lastModified": "2024-11-21T05:56:32.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-05T21:15:11.780", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04180en_us"}, {"source": "security-alert@hpe.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2021-33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04180en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2021-33"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}