HPE fixes maximum severity remote auth bypass bug in SSMC console


Level 16
May 4, 2019
Hewlett Packard Enterprise (HPE) has fixed a maximum severity remote authentication bypass vulnerability affecting the company's HPE StoreServ Management Console (SSMC) data center storage management solution.

HPE SSMC is a management and reporting console for HPE Primera (data storage for mission-critical apps) and HPE 3PAR StoreServ systems (AI-powered storage cloud service providers) data center arrays.
SSMC "is an off node multiarray manager web application and remains isolated from data on the managed arrays" according to HPE's advisory.