CVE-2018-7108

Name of the Vulnerable Software and Affected Versions HPE StorageWorks XP7 Automation Director (AutoDir) versions 8.5.2-02 through earlier than 8.6.1-00

Description The issue is related to deficiencies in the authentication procedure of the HPE StorageWorks XP7 Automation Director (AutoDir) software. Exploitation of this issue may allow a remote attacker to disclose protected information. The problem occurs under specific conditions when running a service template, allowing for local and remote authentication bypass, which exposes user authentication information of the storage system.

Recommendations For versions 8.5.2-02 through earlier than 8.6.1-00, update to version 8.6.1-00 or later to resolve the authentication bypass vulnerability.