HPE urges immediate patching of OneView after critical security flaw found

Suomi

Hewlett Packard Enterprise has instructed customers to patch its OneView software right away due to a top-level security vulnerability. The flaw received a perfect score of 10 out of 10 in severity assessments.

Hewlett Packard Enterprise (HPE) has issued an urgent advisory to its customers regarding a severe security issue in its OneView infrastructure management platform. The vulnerability, described as a top-level flaw, has been rated 10/10 on the Common Vulnerability Scoring System (CVSS), indicating the highest possible risk level.

According to the report from TechRadar, HPE is emphasizing the need for immediate patching to mitigate potential exploits. OneView is a key tool used by IT administrators to manage and automate HPE's server, storage, and networking hardware, making the flaw particularly concerning for enterprise environments.

The advisory comes as cybersecurity threats continue to evolve, with critical vulnerabilities like this one potentially allowing unauthorized access or system compromise if left unaddressed. HPE has not detailed the exact nature of the flaw in the initial notice, but the call to action underscores its seriousness.

Customers relying on OneView are advised to check HPE's security bulletins for the latest patches and implementation guidance. This incident highlights the ongoing importance of timely software updates in maintaining robust defenses against cyber risks.

Liittyvät artikkelit

Illustration of a cyber attack on Cisco devices, showing analysts monitoring screens with code and warnings in a dark operations room.
AI:n luoma kuva

Operation Zero Disco exploits Cisco SNMP flaw for rootkits

Raportoinut AI AI:n luoma kuva

Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.

Microsoft patches security flaw in Office software

Microsoft has issued an emergency patch for a worrying security flaw in its Office software. The vulnerability could allow hackers to access users' files if not updated promptly. The patch was released to address this critical issue.

WatchGuard Firebox OS patches critical security flaw

Raportoinut AI

WatchGuard has addressed a critical remote code execution vulnerability in its Firebox OS firewall software. The company urges users to update immediately to mitigate the risk. The flaw was identified by the firewall maker itself.

Teknologia

Apple fixes zero-day flaws in WebKit for sophisticated attacks

Teknologia

North Korean hackers exploit maximum severity React2Shell flaw

Teknologia

Fortinet FortiGate devices face automated attacks creating rogue accounts

Thousands of Korean Air employees exposed in Oracle breach

Korean Air, a major South Korean airline, has been affected by a supply-chain attack originating from Oracle, resulting in the exposure of thousands of its employees' information. The incident highlights vulnerabilities in third-party software services. Details emerged in a recent security report.

Linux battery utility TLP patched after authentication bypass flaw

Raportoinut AI

A critical vulnerability in the TLP Linux power management tool has been fixed after researchers discovered it allowed local attackers to bypass authentication and alter system settings. The flaw, identified in version 1.9.0 and tracked as CVE-2025-67859, stemmed from a race condition in the Polkit mechanism. TLP developers released version 1.9.1 on January 7, 2026, addressing the issue following coordinated disclosure.

Motherboards from gigabyte, msi, asus and asrock face uefi flaw risks

Motherboards produced by major manufacturers including Gigabyte, MSI, ASUS, and ASRock are reportedly vulnerable to a new attack exploiting a UEFI flaw. This vulnerability allows direct memory access attacks on many popular devices. The issue was highlighted in a TechRadar report published on December 22, 2025.

Amazon discloses Linux WorkSpaces vulnerability in authentication tokens

Raportoinut AI

Amazon Web Services has revealed a security flaw in its WorkSpaces client for Linux that allows local attackers to extract authentication tokens and access other users' virtual desktops. The vulnerability, CVE-2025-12779, affects client versions from 2023.0 to 2024.8 and carries a CVSS score of 8.8. AWS urges immediate upgrades to version 2025.0 or later to mitigate the risk.

25. tammikuuta 2026 21.11

Microsoft releases second emergency update for Windows 11 Outlook crashes

21. tammikuuta 2026 06.39

NVIDIA fixes critical flaw in NSIGHT Graphics for Linux

18. tammikuuta 2026 09.56

Microsoft issues emergency fix for Windows 11 shutdown issues

15. tammikuuta 2026 07.01

Microsoft Copilot faces single-click prompt injection vulnerability

13. tammikuuta 2026 14.43

US government urged to patch critical Gogs security flaw

9. tammikuuta 2026 07.35

IBM's AI Bob vulnerable to malware manipulation

8. tammikuuta 2026 08.48

The myth of Linux's invincibility in enterprise security

21. joulukuuta 2025 12.02

Chinese hackers install backdoors via Cisco email zero-day

19. joulukuuta 2025 11.19

Cisco email security products targeted in zero-day campaign

16. joulukuuta 2025 23.12

React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

 

 

 

Tämä verkkosivusto käyttää evästeitä

Käytämme evästeitä analyysiä varten parantaaksemme sivustoamme. Lue tietosuojakäytäntömme tietosuojakäytäntö lisätietoja varten.
Hylkää