HPE discloses critical zero-day in server management software

Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux.

While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day.

Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor which, in some cases, are also actively exploited in the wild or have publicly available proof-of-concept exploits.

Read more…
Source: Bleeping Computer