SynopsisA software/firmware update application running on the remote is affected by an authentication bypass vulnerability.
DescriptionThe HPE Smart Update manager running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to bypass authentication and execute arbitrary actions defined by the application.
SolutionHP Smart Update Manager 8.5.0 or later appears to fix the vulnerability. Contact the vendor for confirmation.