Number: AV21-234
Date: 19 May 2021
On 18 May 2021 HPE published Security Bulletins to address vulnerabilities in the following products:
- HPE Integrated Lights-Out 5 for HPE Gen 10 Servers – versions prior to 2.44
- HPE Integrated Lights-Out-4 – versions prior to 2.78
- HPE 3PAR – multiple platforms and versions
- HPE Apollo – multiple platforms, versions prior to 2.44
- HPE ProLiant – multiple platforms and versions
- HPE Storage File Controller – versions prior to 2.44
- HPE StoreEasy – multiple platforms and versions
- HPE Synergy – multiple platforms, versions prior to HPE Synergy Service Pack 2021.05.01
- HPE SimpliVity – multiple platforms and versions
- Intelligent provisioning – multiple versions
- Scripting Toolkit for Linux – versions prior to 11.51
Exploitation of these vulnerabilities could result in code execution as a privileged user or allow an actor to bypass secure boot on systems where it is enabled.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
HPE Security Bulletin (HPESBHF04133 rev.1)
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04133en_us
HPE Security Bulletin (HPESBHF04121 rev.1)
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04121en_us
HPE Security Bulletin (HPESBHF04130 rev.1)
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04130en_us
HPE Security Bulletin (HPESBHF04134 rev.1)
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04134en_us
HPE Security Bulletin (HPESBHF04147 rev.1)
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04147en_us
Note to Readers
The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada’s national authority on cyber security and we lead the government’s response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.