HPE Fixes StoreOnce Flaw Allowing Remote Intrusion

Hewlett Packard Enterprise has issued security patches addressing a set of eight vulnerabilities in its StoreOnce data backup and deduplication product. The flaws, if left unpatched, could allow attackers to bypass authentication mechanisms and execute arbitrary code remotely, the company said.

The vulnerabilities impact the StoreOnce platform, which is used by enterprises to manage and reduce data storage through deduplication. According to HPE, the bugs could also lead to the disclosure of sensitive information and enable server-side request forgery (SSRF) attacks, increasing the potential for broader exploitation in affected environments.

The company has urged users to apply the latest security updates immediately to mitigate the risks. The vulnerabilities can be exploited remotely, posing a significant threat to systems exposed to the internet or accessible through compromised internal networks.

The security advisory did not include specific technical details about the flaws, but emphasized the importance of prompt remediation to ensure system integrity.