A remote code execution vulnerability exists in HPE Systems Insight Manager (SIM) due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page.
An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands as the administrative user running HPE SIM.
Binary data hpe_sim_cve-2020-7200.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
hp | systems_insight_manager | cpe:/a:hp:systems_insight_manager |