CVE-2024-51767

EUVD-2024-54782
Severity: HIGH
CVSS 3.1 score: 7.3
2025-07-14 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

3 events:
Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd), EUVD-2024-54782
CVE Published: Jul 14, 2025 - 11:15 (nvd), HIGH 7.3

Description

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

Analysis

CVE-2024-51767 is an authentication bypass vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to gain unauthorized access to the application with limited impact on confidentiality, integrity, and availability. The vulnerability has a CVSS score of 7.3 (High) with a network-accessible attack vector requiring no privileges or user interaction, making it trivially exploitable. While specific KEV status and EPSS data are not provided in the available intelligence, the authentication bypass nature combined with the low attack complexity indicates this vulnerability likely poses a moderate-to-high real-world risk to unpatched HPE APLS installations.

Technical Context

The vulnerability stems from improper implementation of authentication mechanisms in HPE AutoPass License Server, classified under CWE-287 (Improper Authentication). HPE AutoPass License Server is a license management platform that authenticates and provisions software licenses. The affected versions prior to 9.17 likely contain flaws in session management, credential validation, or API authentication logic that allow attackers to bypass authentication controls. This could manifest as missing or improperly validated authentication tokens, weak cryptographic implementations, or logical flaws in the authentication flow. The network attack vector (AV:N) suggests the vulnerable endpoint is reachable over the network without physical or local access, potentially through HTTP/HTTPS-based APIs or web interfaces used for license management operations.

Affected Products

Vendor: HPE
Product: AutoPass License Server (APLS)
Affected versions: Prior to version 9.17
Vulnerable range: All versions below 9.17
Fixed version: 9.17 and later
CPE string: cpe:2.3:a:hpe:autopass_license_server:*:*:*:*:*:*:*:*

Remediation

Patch (severity: Critical): Upgrade HPE AutoPass License Server to version 9.17 or later. Availability: Patch available from HPE.

Mitigation (severity: Interim): Implement network-level access controls to restrict access to APLS administrative interfaces and APIs to trusted networks only.

Mitigation (severity: Interim): Monitor APLS authentication logs for failed login attempts and anomalous access patterns.

Workaround (severity: Interim): Deploy APLS behind a Web Application Firewall (WAF) configured to validate authentication tokens and detect authentication bypass attempts.

Detection: Review vendor security bulletin from HPE for specific patch download links and detailed remediation guidance.

Priority Score

37
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0
