HPE Performance Cluster Manager Vulnerability Allows Remote Attacker to Bypass Authentication

HPCM is widely deployed in enterprise environments for managing Linux-based high-performance computing clusters that can scale to 100,000 nodes. This authentication bypass threatens the integrity, confidentiality, and availability of high-performance computing clusters managed by HPCM. The vulnerability is particularly concerning for organizations running critical infrastructure on HPE cluster systems, as it potentially allows unauthorized access to sensitive computing resources. Similar remote authentication bypass flaws have previously been identified in other enterprise management platforms, including a 2021 vulnerability in HP Cloud Service Automation that allowed remote authentication bypass when using Node.js in FIPS mode. Regular software updates, prompt application of security patches, and implementation of network segmentation can significantly reduce exposure to such vulnerabilities.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Apr 2025 07:25:10 +0000


Cyber News related to HPE Performance Cluster Manager Vulnerability Allows Remote Attacker to Bypass Authentication

CVE-2023-3440 - Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 ...
1 year ago
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes - While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. If an attacker has the ability to execute in the ...
1 year ago Unit42.paloaltonetworks.com
Hewlett Packard Enterprise Acquire Juniper Networks - HPE to acquire Juniper Networks for $14 billion in cash, in a move to bolster its AI networking credentials. Hewlett Packard Enterprise, a veteran of the tech industry, has confirmed a multi billion dollar acquisition of Juniper Networks. HPE ...
1 year ago Silicon.co.uk
Kubernetes DaemonSet: Monitoring in Kubernetes - That's why it makes sense to collect logs from every node and send them to some sort of central location outside the Kubernetes cluster for persistence and later analysis. A DaemonSet in Kubernetes is a specific kind of workload controller that ...
1 year ago Feeds.dzone.com
CVE-2022-28620 - A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and ...
1 year ago
CVE-2023-32191 - When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may ...
10 months ago Tenable.com
Latest Adblock update causes massive YouTube performance hit - Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. Adblock and Adblock Plus are two ad blockers created by the same developer for ...
1 year ago Bleepingcomputer.com
CVE-2020-7205 - A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. ...
3 years ago
HPE investigates new breach after data for sale on hacking forum - Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. The company has told ...
1 year ago Bleepingcomputer.com
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com
CloudFlare Network Performance Update: A CIO Edition - Nowadays, more organizations than ever are relying on CloudFlare's global infrastructure to ensure the best performance for their websites and services. This is no different for companies that have a Chief Information Officer (CIO). With the dramatic ...
2 years ago Blog.cloudflare.com
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
CVE-2022-31098 - Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive ...
2 years ago
CVE-2021-29201 - A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE ...
3 years ago
CVE-2021-29204 - A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE ...
3 years ago
CVE-2021-29205 - A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE ...
3 years ago
CVE-2021-29206 - A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE ...
3 years ago
CVE-2021-29211 - A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE ...
3 years ago
CVE-2021-29207 - A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE ...
3 years ago
CVE-2021-29209 - A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity ...
2 years ago
CVE-2021-29210 - A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity ...
2 years ago
CVE-2021-29208 - A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity ...
2 years ago
CVE-2021-29202 - A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 ...
3 years ago
CVE-2024-9779 - A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which ...
4 months ago Tenable.com