A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).
The vulnerability classified as CWE-287 (Improper Authentication) consists of improper implementation of the identity verification mechanism in HPE AutoPass License Server. A remote, unauthenticated attacker can bypass required authentication steps and gain access to protected server resources. The attack does not require user interaction or fulfillment of additional prerequisites.
An attacker can obtain unauthorized access to HPE AutoPass License Server with potentially full privileges, which may lead to violations of confidentiality, integrity, and availability of both the system itself and the associated infrastructure.
Apply patches available from the vendor according to the references: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn05003en_us&docLocale=en_US
HPE AutoPass License Server (APLS) — detailed information about affected versions is indicated in vendor references
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X