HPE Patches Critical Flaw in IT Infrastructure Management Software

Hewlett Packard Enterprise (HPE) has released security patches for critical vulnerabilities in its OneView management software and Telco Service Activator platform. The updates address remote code execution, authentication bypass, and DoS vulnerabilities, and should be applied promptly.

Key points

  • HPE announced patches for a critical vulnerability in its OneView software, impacting all versions prior to 11.00.
  • The vulnerability (CVE-2025-37164) allows remote code execution without authentication.
  • HPE also fixed three vulnerabilities in the Telco Service Activator platform, affecting versions up to 10.3.2.
  • Exploitation of these flaws could lead to DoS, authentication bypass, or CRLF injection.
  • Customers are urged to update to the latest versions to mitigate risks, although no active exploitation has been reported.

Read More: https://www.securityweek.com/hpe-patches-critical-flaw-in-it-infrastructure-management-software/