CRITICAL🇵🇱 Wersja polska

CVE-2026-23600

CVSS 10.0v4.0pub. 2026-03-02

A remote authentication bypass vulnerability  exists in HPE AutoPass License Server (APLS).

🤖 AI Analysis
How it works

The vulnerability classified as CWE-287 (Improper Authentication) consists of improper implementation of the identity verification mechanism in HPE AutoPass License Server. A remote, unauthenticated attacker can bypass required authentication steps and gain access to protected server resources. The attack does not require user interaction or fulfillment of additional prerequisites.

Impact

An attacker can obtain unauthorized access to HPE AutoPass License Server with potentially full privileges, which may lead to violations of confidentiality, integrity, and availability of both the system itself and the associated infrastructure.

Mitigation & patch

Apply patches available from the vendor according to the references: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn05003en_us&docLocale=en_US

Who is affected

HPE AutoPass License Server (APLS) — detailed information about affected versions is indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References