MS-ISAC advisory number:
2025-054
Published date(s):
04/06/2025
Overview:
Multiple vulnerabilities have been discovered in HPE StoreOnce software which, when chained together, could allow remote code execution, potentially leading to session hijacking and full system compromise. HPE StoreOnce is a data protection platform from Hewlett Packard Enterprise that uses deduplication to reduce backup storage requirements and improve backup and recovery speeds. Successful exploitation of these vulnerabilities could allow remote code execution, information disclosure, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure.
Threat intelligence:
There are currently no reports of these vulnerabilities being exploited in the wild.
Affected systems:
- HPE StoreOnce Software versions prior to 4.3.11 or later
Large and medium government entities
Small government
Large and medium business entities
Small business entities