Autopass License Server CVE-2024-51770

EUVD-2024-54783 | HIGH
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2025-07-14 security-alert@hpe.com
CVSS 3.1: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Updated: Apr 16, 2026 - 06:26 (EUVD-patch-fix; executive_summary)
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch; patch_released)
Patch available: Apr 16, 2026 - 05:29 (EUVD; 9.17)
EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd; EUVD-2024-54783)
Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
CVE Published: Jul 14, 2025 - 11:15 (nvd; HIGH 7.5)

Description (NVD)

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

Analysis (AI)

CVE-2024-51770 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, enabling attackers to extract confidential data without requiring authentication, special privileges, or user interaction. The network-accessible nature of this information disclosure makes it a significant risk for organizations running vulnerable APLS versions.

Technical Context (AI)

HPE AutoPass License Server (APLS) is a centralized licensing management platform used to distribute and manage software licenses across enterprise environments. The CWE-497 classification (Exposure of Sensitive System Information to an Unauthorized Control Sphere) indicates that affected versions expose sensitive system or configuration data that should be protected. Affected versions fall under the CPE scope hpe:autopass_license_server, prior to 9.17. The root cause is a failure to implement proper access controls or information protection mechanisms that would restrict sensitive data to authenticated and authorized users. The network attack vector suggests the vulnerability may exist in web service endpoints, API interfaces, or other network-exposed components of APLS.

Remediation (AI)

Patch (priority: High; timeline: Immediate for internet-facing deployments): Upgrade HPE AutoPass License Server to version 9.17 or later.
Network Segmentation (priority: High; timeline: Immediate): Restrict network access to APLS administrative interfaces and API endpoints using firewall rules, VPN requirements, or network segmentation. Limit exposure to trusted internal networks only.
Access Control (priority: Medium; timeline: Before patching if patch deployment is delayed): Implement strong authentication mechanisms and ensure all access to APLS is logged and monitored.
Monitoring (priority: Medium; timeline: Ongoing): Monitor APLS access logs for suspicious information disclosure patterns or unusual data access requests.
Vendor Advisory (priority: High; timeline: Before remediation): Consult HPE security advisories and patches available through HPE Customer Portal.
