Hewlett Packard Enterprise Systems Insight Manager (SIM), AMF Deserialization of Untrusted Data, Remote Code Execution Vulnerability.
HPE Systems Insight Manager (SIM) software is prone to a remote code execution vulnerability.
The flaw is due to a lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data.
An unauthenticated remote attacker can exploit this vulnerability to execute code on servers.
Vulnerable platforms: HPE Systems Insight Manager (SIM) 7.6.x.
HPE has made the following mitigation information available to temporarily prevent the vulnerability in HPE Systems Insight Manager (SIM) for Windows.
A complete fix that prevents the remote code execution vulnerability will be made available in a future release.
Users will be unable to use the federated search feature once the simsearch.war file is removed from the install path.