Security News > 2021 > May > HPE fixes critical zero-day vulnerability disclosed in December
Hewlett Packard Enterprise has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager software, disclosed last year, in December.
HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.
The RCE vulnerability tracked as CVE-2020-7200 was found in the latest versions of HPE's proprietary Systems Insight Manager software, and it ONLY affects the Windows version.
HPE rated the bug as a critical severity security flaw as it allows attackers with no privileges to exploit it in low complexity attacks that don't require user interaction.
Wait for the HPE SIM web page "Https://SIM IP:50000" to be accessible and execute the following command from a command prompt: mxtool -r -f toolsmulti-cms-search.
Once the mitigation measures are taken, HPE SIM users will no longer be able to use the federated search feature.
News URL
Related news
- Zero-Day Vulnerability in Ivanti VPN (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-18 | CVE-2020-7200 | Unspecified vulnerability in HP Systems Insight Manager 7.6 A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. | 9.8 |