Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-54009

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-19 Dec, 2024 | 22:19
Updated At-20 Dec, 2024 | 17:10
Rejected At-
Credits

Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:19 Dec, 2024 | 22:19
Updated At:20 Dec, 2024 | 17:10
Rejected At:
â–¼CVE Numbering Authority (CNA)

Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)Hewlett Packard Enterprise (HPE)
Product
HPE Alletra Storage MP B10000
Default Status
unaffected
Versions
Affected
  • From 0 before 10.4.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.14.0MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-114CAPEC-114 Authentication Abuse
CAPEC ID: CAPEC-114
Description: CAPEC-114 Authentication Abuse
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04764en_us&docLocale=en_US
N/A
Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04764en_us&docLocale=en_US
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:19 Dec, 2024 | 23:15
Updated At:19 Dec, 2024 | 23:15

Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.0MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-200Secondarysecurity-alert@hpe.com
CWE ID: CWE-200
Type: Secondary
Source: security-alert@hpe.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04764en_us&docLocale=en_USsecurity-alert@hpe.com
N/A
Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04764en_us&docLocale=en_US
Source: security-alert@hpe.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2026-23597
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Feb, 2026 | 20:46
Updated-18 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Information Disclosure in application API allows sensitive system information exposure

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-HPE Aruba Networking Private 5G Core
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-37160
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 16.92%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 18:54
Updated-04 Dec, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Broken Access Control (BAC) in REST API Configuration Service

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-arubaos-cxHPE Aruba Networking AOS-CX
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-42394
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.62%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 18:57
Updated-12 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosHPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10arubaosaruba_networking_instantos
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42508
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 15:10
Updated-08 Jan, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-oneviewHPE OneView
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-43540
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.52%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:08
Updated-10 Apr, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba NetworksApple Inc.
Product-clearpass_policy_managermacosAruba ClearPass Policy Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-43539
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.7||MEDIUM
EPSS-0.09% / 24.85%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:07
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a privileged user on the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-37930
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.66%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 15:46
Updated-02 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-hf20chf60_firmwaresf100sf100_firmwarehf40_firmwarehf20_firmwarehf60c_firmwaresf300hf40c_firmwarehf20c_firmwarehf40hf20hhf20sf300_firmwarehf60hf40chf60chf20h_firmwareHPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Details not found