HPE Warns of Critical Security Flaw in OneView Software

[johny899]

Do you recall reading a security alert that sounded pretty frightening? We have a similar case here. HPE has alerted all users of the serious security problem in its OneView software, and an immediate response is necessary.

What Is the Problem?​

HPE OneView is designed to allow organisations to manage their entire server and network infrastructure from one centralised location. Recently, HPE found a critical error with this software.

This error allows for the execution of Code Remotely, which means:

• A hacker could remotely control the system.
• A hacker would not require a username or password and
• The consequences could be catastrophic.

Security specialists have rated this error with the highest rating, a 10 out of 10, indicating its severity.

Who Is Affected?​

• The flaw affects all versions of OneView prior to version 11.00.
• It also affects systems that are not updated to the latest version.

There is currently no temporary fix for this flaw. The only way to protect against it is to bring your software up-to-date.

What To Do Now: If You Use HPE OneView:​

• You need to upgrade your existing OneView software to at least Version 11.00 or higher.
• If you are currently using an outdated version of OneView, you need to install the necessary HPE Security Hotfix for your version.
• After completing any upgrades or after performing a system reset, you will have to reapply this hotfix.

Are Any Systems Being Compromised?​

At this time, there have been no public reports of any systems being compromised due to this issue, which is good, however, once a vulnerability is made public, hackers are able to exploit it very quickly, so it is not wise to wait until the last minute.