CVE-2021-29217 — Open Redirect in HPE Oneview Global Dashboard

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 54.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HPE Oneview Global Dashboard Hewlett Packard Enterprise HPE Oneview Global Dashboard

Timeline

PublishedFeb 24

Latest updateFeb 25

Description

A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDhpe/oneview_global_dashboard< 2.5

▶CVEListV5hewlett_packard_enterprise/hpe_oneview_global_dashboardPrior to 2.5

🔴Vulnerability Details

GHSA

GHSA-9m99-8359-wr5f: A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2↗2022-02-25

▶

CVEList

CVE-2021-29217: A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2↗2022-02-24

▶