Security News > 2021 > May > HPE fixes critical zero-day vulnerability disclosed in December

Hewlett Packard Enterprise has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager software that was disclosed in December of last year.
HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.
The RCE vulnerability, tracked as CVE-2020-7200, was found in the latest versions of HPE's proprietary Systems Insight Manager software, and it affects only the Windows version.
HPE rated the bug as a critical-severity security flaw because it allows attackers with no privileges to exploit it in low-complexity attacks that don't require user interaction.
Wait for the HPE SIM web page "Https://SIM IP:50000" to be accessible and execute the following command from a command prompt: mxtool -r -f toolsmulti-cms-search.
Once the mitigation measures are taken, HPE SIM users will no longer be able to use the federated search feature.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-18 | CVE-2020-7200 | Unspecified vulnerability in HP Systems Insight Manager 7.6 A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. | 9.8 |