EUVD-2024-54783

CVE-2024-51770
Severity: HIGH (7.5, CVSS 3.1)
Published: 2025-07-14

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd), EUVD-2024-54783
CVE Published: Jul 14, 2025 - 11:15 (nvd), HIGH 7.5

Description

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

Analysis

CVE-2024-51770 is an information disclosure vulnerability in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, enabling attackers to extract confidential data without requiring authentication, special privileges, or user interaction. The network-accessible nature of this information disclosure makes it a significant risk for organizations running vulnerable APLS versions.

Technical Context

HPE AutoPass License Server (APLS) is a centralized licensing management platform used to distribute and manage software licenses across enterprise environments. The vulnerability is classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), which indicates that affected versions improperly expose sensitive system or configuration data that should be protected. The affected product is identified by CPE entries under hpe:autopass_license_server, for versions prior to 9.17. The root cause is a failure to implement proper access controls or information protection mechanisms that would restrict sensitive data exposure to authenticated and authorized users only. The network-accessible vector suggests the vulnerability may exist in web service endpoints, API interfaces, or other network-exposed components of APLS.

Affected Products

Vendor: HPE
Product: AutoPass License Server (APLS)
CPE: cpe:2.3:a:hpe:autopass_license_server:*:*:*:*:*:*:*:*

Prior to 9.17 (version range < 9.17): Vulnerable
9.17 and later (version range >= 9.17): Patched

Remediation

Patch (priority: High; timeline: Immediate for internet-facing deployments): Upgrade HPE AutoPass License Server to version 9.17 or later.

Network Segmentation (priority: High; timeline: Immediate): Restrict network access to APLS administrative interfaces and API endpoints using firewall rules, VPN requirements, or network segmentation. Limit exposure to trusted internal networks only.

Access Control (priority: Medium; timeline: Before patching if patch deployment is delayed): Implement strong authentication mechanisms and ensure all access to APLS is logged and monitored.

Monitoring (priority: Medium; timeline: Ongoing): Monitor APLS access logs for suspicious information disclosure patterns or unusual data access requests.

Vendor Advisory (priority: High; timeline: Before remediation): Consult HPE security advisories and patches available through HPE Customer Portal.

Priority Score

Score: 38
KEV: 0
EPSS: +0.1
CVSS: +38
POC: 0
