Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN251
_____________________________________________________________________

DATE                : 04/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running HPE AutoPass License Server
                             versions prior to 9.19.

=====================================================================
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn05003en_us
_____________________________________________________________________

HPESBGN05003 rev.1 - HPE AutoPass License Server (APLS), Remote
Authentication Bypass Vulnerability
Document Subtype: Security Bulletin|Document ID: hpesbgn05003en_us
Last Updated: 2026-02-28|Release Date: 2026-02-27|Document Version: 1

Potential Security Impact: Remote: Authentication Bypass

Source: Hewlett Packard Enterprise, HPE Product Security Response
Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in HPE AutoPass
License Server (APLS). This vulnerability could be remotely exploited
to allow authentication bypass.


Reference
	
V3 Vector
	
V3 Base Score
CVE-2026-23600
	
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
	
7.3
Information on CVSS is documented in HPE Customer Notice:
HPSN-2008-002

Hewlett Packard Enterprise would like to thank the Anonymous working
with TrendAI Zero Day Initiative for reporting these vulnerabilities
to security-alert@hpe.com.


RESOLUTION

HPE has made the following software update to resolve this
vulnerability in HPE AutoPass License Server.

    HPE AutoPass License Server (APLS) 9.19 or later

Download HPE AutoPass License Server (APLS)

HISTORY
Version:1 (rev.1) - 27 February 2026 Initial release

Third Party Security Patches: Third party security patches that are to
be installed on systems running Hewlett Packard Enterprise (HPE)
software products should be applied in accordance with the customer's
patch management policy.

Support: For issues about implementing the recommendations of this
Security Bulletin, contact normal HPE Services support channel. For
other issues about the content of this Security Bulletin, send e-mail
to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE
supported product:

    Web Form: https://www.hpe.com/info/report-security-vulnerability

    Email: security-alert@hpe.com

    Hewlett Packard Enterprise Product Security Response Policy

Subscribe: To initiate a subscription to receive future HPE Security
Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security
Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

System management and security procedures must be reviewed
frequently to maintain system integrity. HPE is continually
reviewing and enhancing the security features of software
products to provide customers with current secure solutions.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================