Multiple Vulnerabilities have been discovered in HPE StoreOnce Software, which when chained together could allow for remote code execution, potentially leading to session hijacking and full system compromise. HPE StoreOnce is a data protection platform from Hewlett Packard Enterprise that uses deduplication to reduce backup storage requirements and improve backup and recovery speeds. Successful exploitation of these vulnerabilities could allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure.

Read more... Cyber Security Advisories - MS-ISAC