Hewlett Packard Enterprise StoreOnce 路径遍历漏洞

Hewlett Packard Enterprise StoreOnce is a cloud backup data protection system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise StoreOnce that originates from directory traversal and could lead to arbitrary file deletion...

Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Hewlett Packard Enterprise StoreOnce 路径遍历漏洞

Hewlett Packard Enterprise StoreOnce is a cloud backup data protection system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise StoreOnce that originates from directory traversal and could lead to information disclosure...

Hewlett Packard Enterprise StoreOnce VSA getServerCertificate Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the...

CVE-2022-28622

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...

CVE-2021-26587

A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software...

CVE-2013-2342

The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete data via an SSH session...

CVE-2013-2353

Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors...

PT-2025-23521 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A directory traversal information disclosure issue exists. This allows for potential information disclosure due to directory traversal vulnerabilities in the getServerPayload...

PT-2025-23514 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A command injection remote code execution issue exists in the software. This allows for potential exploitation. The estimated number of affected devices and details about...

PT-2025-23516 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A command injection remote code execution issue exists. This allows for the execution of arbitrary commands, potentially leading to unauthorized access and control...

PT-2025-23522 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A command injection remote code execution issue exists. This allows for potential code execution on a remote server. Recommendations: At the moment, there is no information...

PT-2025-23515 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A server-side request forgery vulnerability exists in HPE StoreOnce Software. This issue allows for exploitation through specific API endpoints, although the exact endpoints...

PT-2025-23518 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce VSA affected versions not specified HPE StoreOnce Software affected versions not specified Description: A command injection remote code execution vulnerability exists in the software. The issue is related to the...

PT-2025-23520 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A directory traversal arbitrary file deletion issue exists. This allows for the deletion of arbitrary files, potentially leading to data loss or system instability. No...

PT-2025-23519 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce versions prior to 4.3.11 Description: The issue is related to an authentication bypass vulnerability in HPE StoreOnce, which could allow a remote attacker to bypass security restrictions. This vulnerability may be chained with...

StoreOnce and Veeam Immutability Compatibility

Challenge A backup job that targets an HPE StoreOnce Catalyst repository may display either of the following messages: In Veeam Backup & Replication 12.0, the job will fail and display the error: OSCLTERRIMMUTABLEEPOCHREQUESTEXCEEDSMAXIMUM. Err: -1817 In Veeam Backup & Replication 12.1, the job...

Task fails with "Repository is not compatible with Catalyst Store with fixed block setting enabled"

Challenge A Veeam Backup & Replication job targeting a StoreOnce Repository backed by a Catalyst Store that has Fixed Block Chunking enabled fails with either of the following errors: Repository is not compatible with Catalyst Store with fixed block setting enabled Error:...

CVE-2022-28622

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...