HPE's server software has 'critical' security flaw

HPE has released a new security bulletin disclosing a zero-day vulnerability in the latest version of its Systems Insight Manager (SIM) server software.

HPE SIM is a management and remote support automation solution for Windows and Linux intended to be used with the company's servers, storage and networking products.

The recently disclosed zero-day vulnerability, tracked as CVE-2020-7200, was first reported by security researcher Harrison Neal through Trend Micro's Zero Day Initiative, and it affects version 7.6 of the company's SIM software.

Although HPE has released mitigation info for the vulnerability and is currently working on a patch to fully address the issue, it did not reveal whether the zero-day is being actively exploited in the wild.

Remote code execution

HPE has given the vulnerability a critical severity rating of 9.8 as it can be exploited by attackers with no privileges to remotely execute code on servers running the vulnerable version of its SIM software.

In its security bulletin, the company explained that the vulnerability can be mitigated by disabling SIM's “Federated Search” and “Federated CMS Configuration” features. HPE will also release a complete fix that prevents the remote code execution vulnerability in the coming weeks.

For now, though, system admins who use HPE's SIM management software will need to stop the HPE SIM Service, delete the simsearch.ware file, restart the service and then execute the command “mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul” from a command prompt.

While this will prevent the vulnerability from being exploited by potential attackers, it will also mean that HPE SIM users can no longer use the federated search feature.

Via BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/3r7gGY3


