SB2025071759 - Sensitive Information in Resource Not Removed Before Reuse in Certain HPE StoreEasy Servers Using Certain Intel Processors

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025071759

SB2025071759 - Sensitive Information in Resource Not Removed Before Reuse in Certain HPE StoreEasy Servers Using Certain Intel Processors

Published: July 17, 2025

Security Bulletin ID SB2025071759
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Sensitive Information in Resource Not Removed Before Reuse (CVE-ID: CVE-2024-21850)

CWE-ID: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local administrator to escalate privileges on the system.

The vulnerability exists due to sensitive information in resource not removed, which leads to security restrictions bypass and privilege escalation.


Remediation

Install update from vendor's website.

References