
Autopass License Server EUVD-2024-54780

CVE-2024-51769 HIGH
Information Exposure (CWE-200)
2025-07-14 security-alert@hpe.com
CVSS 3.1: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

6 events
Analysis Updated: Apr 16, 2026 - 06:26, EUVD-patch-fix, executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29, backfill_euvd_patch, patch_released
Patch available: Apr 16, 2026 - 05:29, EUVD, 9.17
EUVD ID Assigned: Mar 16, 2026 - 09:43, euvd, EUVD-2024-54780
Analysis Generated: Mar 16, 2026 - 09:43, vuln.today
CVE Published: Jul 14, 2025 - 11:15, nvd, HIGH 7.5

Description (NVD)

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

Analysis (AI)

CVE-2024-51769 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated network attackers to access sensitive information without requiring user interaction. The vulnerability has a CVSS 3.1 score of 7.5 with a high confidentiality impact (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor), making it a significant risk for organizations relying on APLS for license management across their HPE infrastructure.

Technical Context (AI)

HPE AutoPass License Server (APLS) is a centralized license management solution for HPE software and hardware products. The vulnerability stems from improper information exposure (CWE-200), a common weakness class indicating that sensitive data is made accessible to actors without proper authorization controls. The affected product uses network-accessible services (evidenced by CVSS AV:N) that fail to implement adequate access controls or data classification mechanisms. This typically manifests in license server APIs, web interfaces, or backend services that expose confidential licensing metadata, entitlement information, or system configuration details. The lack of authentication requirements (PR:N in CVSS vector) suggests the vulnerability exists in unauthenticated endpoints or services that should require credential validation before responding with sensitive information.

Remediation (AI)

Immediate action: Upgrade HPE AutoPass License Server to version 9.17 or later. Organizations unable to immediately patch should:

(1) Implement network-level access controls to restrict APLS service accessibility to only authorized administrative users and systems;
(2) Deploy APLS instances on isolated internal networks without public internet exposure;
(3) Implement firewall rules limiting access to APLS ports (typically 7070, 27000, or custom ports) to trusted IP ranges only;
(4) Monitor APLS access logs for suspicious unauthenticated requests;
(5) Review APLS security event logs for evidence of information disclosure attempts.

Consult the HPE Security Advisory (reference HPE PSRT documentation) for detailed upgrade procedures and rollback plans. Test patches in non-production environments before production deployment given the critical nature of license infrastructure.
