Advisory Type: IT Security
Severity: Critical Severity Summary:
PDS is providing the following communication to build awareness of vulnerabilities in HPE SimpliVity Omnistack for Hyper-V.
On April 25, 2022, Hewlett Packard Enterprise published Security Bulletin HPESBST04272 documenting a series of critical vulnerabilities present in the SimpliVity Omnistack for Hyper-V product. The highest CVSS score of these vulnerabilities is 8.8.
HPE SimpliVity Omnistack for Hyper-V vulnerabilities could be remotely exploited to allow remote code execution (RCE), information/data leaks, and to impersonate arbitrary services. Versions prior to v4.1.0U1 are vulnerable.
HPE published an update which permanently resolves the issues.
We advise customers to review the status of the HPE Security Advisory with respect to their environment and apply the recommended update immediately. PDS Architects are available to assist with the update procedure which can be completed without a service outage in most instances.