Hewlett Packard Enterprise Systems Insight Manager (SIM), AMF Deserialization of Untrusted Data, Remote Code Execution Vulnerability.
Description:
HPE Systems Insight Manager (SIM) software is prone to a remote code execution vulnerability.
It is due to a lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data.
An unauthenticated remote attacker can exploit this vulnerability to execute code on servers.
Vulnerability:
CVE-2020-7200
Platform:
Windows, Linux
Vulnerable Platforms:
The vulnerable platform is HPE Systems Insight Manager (SIM) 7.6.x.
Solutions:
HPE has made the following mitigation information available to temporarily prevent the vulnerability in HPE Systems Insight Manager (SIM) for Windows.
A complete fix that prevents the remote code execution vulnerability will be made available in a future release.
Users will be unable to use the federated search feature once the simsearch.war file is removed from the install path.
Reference:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
Very good article. I am dealing with a few of these issues as well.