HPE Performance Cluster Manager Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the HPE Performance Cluster Manager (HPCM) GUI, versions 1.12 and earlier. This vulnerability could allow an attacker to bypass authentication mechanisms within the application.

Impact

Exploitation of this vulnerability could lead to unauthorized access by bypassing authentication requirements in the HPCM GUI.

Remediation

HPE has released a patch for this vulnerability in HPCM version 1.13. For versions prior to 1.13, HPE recommends disabling the GUI by adding '-Dcmu.rmi=false' to 'CMU_JAVA_SERVER_ARGS' in the 'cmuserver.conf' file and restarting 'cmdb.service'. This prevents the RMI service, which the GUI uses to communicate with the server, from starting.
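One way to audit hosts for the workaround described above, as an added example that is not HPE's own tooling: the script reports whether '-Dcmu.rmi=false' is present in the effective 'CMU_JAVA_SERVER_ARGS' value of a given file. It assumes 'cmuserver.conf' uses shell-style KEY="value" lines with the last uncommented assignment taking effect; the file path is passed as an argument, the function names are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: cmuserver.conf holds shell-style KEY="value"
# lines and the last uncommented CMU_JAVA_SERVER_ARGS assignment is effective.

# Print the raw value of the last active CMU_JAVA_SERVER_ARGS assignment.
effective_server_args() {
    awk '/^[ \t]*CMU_JAVA_SERVER_ARGS=/ {
             sub(/^[^=]*=/, "")        # drop the key
             sub(/[ \t]+#.*$/, "")     # drop a trailing comment
             last = $0
         }
         END { print last }' "$1"
}

# Return 0 if the mitigation is set, 1 if not, 2 if the file is unreadable.
hpcm_rmi_mitigated() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Split the value on whitespace and quotes, keep only cmu.rmi settings.
    tokens=$(effective_server_args "$1" | tr ' \t"'"'" '\n\n\n\n' |
             grep -E '^-Dcmu\.rmi=' || true)
    [ -n "$tokens" ] || return 1
    # Conservative: any cmu.rmi value other than 'false' counts as unmitigated.
    ! printf '%s\n' "$tokens" | grep -qvxF -e '-Dcmu.rmi=false'
}

demo() {
    d=$(mktemp -d)
    # Constructed sample files, not real HPCM configuration.
    printf '%s\n' '# CMU_JAVA_SERVER_ARGS="-Dcmu.rmi=false"' \
                  'CMU_JAVA_SERVER_ARGS="-Xmx2g"' > "$d/unmitigated.conf"
    printf '%s\n' 'CMU_JAVA_SERVER_ARGS="-Xmx2g -Dcmu.rmi=false"' \
                  > "$d/mitigated.conf"
    for f in "$d"/*.conf; do
        if hpcm_rmi_mitigated "$f"; then
            echo "$f: RMI disabled in config"
        else
            echo "$f: RMI NOT disabled in config"
        fi
    done
    rm -rf "$d"
}
demo
```

The check covers the file contents only; the setting takes effect after 'cmdb.service' has been restarted.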

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.