Security News > 2021 > May > HPE fixes critical zero-day vulnerability disclosed in December
Hewlett Packard Enterprise has released a security update to address a zero-day remote code execution vulnerability in the HPE Systems Insight Manager software, disclosed last year, in December.
HPE SIM is a remote support automation and management solution for HPE servers, storage, and networking products, including HPE's ProLiant Gen10 and ProLiant Gen9 servers.
The RCE vulnerability tracked as CVE-2020-7200 was found in the latest versions of HPE's proprietary Systems Insight Manager software, and it ONLY affects the Windows version.
HPE rated the bug as a critical severity security flaw as it allows attackers with no privileges to exploit it in low complexity attacks that don't require user interaction.
Wait for the HPE SIM web page "Https://SIM IP:50000" to be accessible and execute the following command from a command prompt: mxtool -r -f toolsmulti-cms-search.
Once the mitigation measures are taken, HPE SIM users will no longer be able to use the federated search feature.
News URL
Related news
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)
- Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-18 | CVE-2020-7200 | Unspecified vulnerability in HP Systems Insight Manager 7.6 A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. | 9.8 |