Autopass License Server CVE-2024-51767

EUVD-2024-54782 HIGH
Improper Authentication (CWE-287)
2025-07-14 security-alert@hpe.com
CVSS 3.1: 7.3

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Updated: Apr 16, 2026 - 06:26, EUVD-patch-fix (executive_summary)
Re-analysis Queued: Apr 16, 2026 - 05:29, backfill_euvd_patch (patch_released)
Patch available: Apr 16, 2026 - 05:29, EUVD (9.17)
EUVD ID Assigned: Mar 16, 2026 - 09:43, euvd (EUVD-2024-54782)
Analysis Generated: Mar 16, 2026 - 09:43, vuln.today
CVE Published: Jul 14, 2025 - 11:15, nvd (HIGH 7.3)

Description (NVD)

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

Analysis (AI)

CVE-2024-51767 is an authentication bypass vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to gain unauthorized access to the application with limited impact on confidentiality, integrity, and availability. The vulnerability has a CVSS score of 7.3 (High) with a network-accessible attack vector requiring no privileges or user interaction, making it trivially exploitable. While specific KEV status and EPSS data are not provided in the available intelligence, the authentication bypass nature combined with the low attack complexity indicates this vulnerability likely poses a moderate-to-high real-world risk to unpatched HPE APLS installations.

Technical Context (AI)

The vulnerability stems from improper implementation of authentication mechanisms in HPE AutoPass License Server, classified under CWE-287 (Improper Authentication). HPE AutoPass License Server is a license management platform that authenticates and provisions software licenses. The affected versions prior to 9.17 likely contain flaws in session management, credential validation, or API authentication logic that allow attackers to bypass authentication controls. This could manifest as missing or improperly validated authentication tokens, weak cryptographic implementations, or logical flaws in the authentication flow. The network-accessible nature (AV:N) suggests the vulnerable endpoint is exposed on the network without requiring physical or local access, potentially through HTTP/HTTPS-based APIs or web interfaces used for license management operations.

Remediation (AI)

Patch (severity: Critical): Upgrade HPE AutoPass License Server to version 9.17 or later. Availability: Patch available from HPE.
Mitigation (severity: Interim): Implement network-level access controls to restrict access to APLS administrative interfaces and APIs to trusted networks only.
Mitigation (severity: Interim): Monitor APLS authentication logs for failed login attempts and anomalous access patterns.
Workaround (severity: Interim): Deploy APLS behind a Web Application Firewall (WAF) configured to validate authentication tokens and detect authentication bypass attempts.
Detection: Review vendor security bulletin from HPE for specific patch download links and detailed remediation guidance.
