Security News > 2020 > December > HPE discloses critical zero-day in server management software

Hewlett Packard Enterprise has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager software for Windows and Linux.
HPE SIM is a management and remote support automation solution for multiple HPE servers, storage, and networking products including but not limited to HPE ProLiant Gen10 and HPE ProLiant Gen9 Servers.
The vulnerability, reported by Harrison Neal through Trend Micro's Zero Day Initiative, is tracked as CVE-2020-7200 and affects HPE Systems Insight Manager 7.6.x. HPE rated CVE-2020-7200 as a critical severity security flaw: attackers with no privileges can exploit it in low-complexity attacks that don't require user interaction.
While HPE SIM comes with support for both Linux and Windows operating systems, HPE only issued mitigation info to block attacks against Windows systems.
According to HPE, once the mitigation measures are applied, HPE SIM users will no longer be able to use the federated search feature.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-18 | CVE-2020-7200 | Unspecified vulnerability in HP Systems Insight Manager 7.6. A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. | 9.8 |