Hewlett Packard Enterprise (HPE) has issued several security bulletins to address vulnerabilities in multiple products, between March 12 and 14, 2023.
The company has updated ClearPass Policy Manager 6.11.x, 6.10.x and 6.9.x, HPE Integrated Lights-Out 4 (iLO 4), HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers, HPE Integrated Lights-Out 6 (iLO 6), and HPE NonStop Platform. The Cyber Centre, which is Canada’s national cybersecurity agency, has advised users and administrators to review the provided web link and apply the necessary updates.
ClearPass Policy Manager is a network access control solution that enables secure access to the network. The product has been updated to address multiple vulnerabilities, including SQL injection and command injection flaws. The Integrated Lights-Out (iLO) products are server management tools that provide remote server management capabilities. The iLO 4, iLO 5, and iLO 6 products have been updated to address vulnerabilities that could allow an attacker to bypass security restrictions and execute arbitrary code.
HPE NonStop Platform is a fault-tolerant computing solution used in various industries such as finance, healthcare, and retail.
The platform has also been updated to address multiple vulnerabilities, including a vulnerability that could allow an attacker to cause a denial-of-service attack.
HPE has encouraged its customers to update their products as soon as possible to ensure the security of their systems.
This move by HPE is a proactive step towards protecting its customers against cyber attacks.
The company’s prompt response to the identified vulnerabilities underscores the importance of timely software updates in maintaining the security of information systems.
This is particularly relevant given the increasingly sophisticated cyber threats targeting businesses today.