Are you an HPE server customer?
This vulnerability is “found in the latest versions (7.6.x) of HPE’s SIM software and only affects the Windows version.”
Make sure to apply the Hotfix Update Kit for HPE Systems Insight Manager 7.6 ASAP!
The workaround for existing systems prior to the Hotfix Update Kit issued on April 20:
- Stop HPE SIM Service
- Delete the <C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war> file from the SIM installed path:
del /Q /F "C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war"
- Restart the HPE SIM Service
- Wait for HPE SIM web page “https://SIM_IP:50000” to be accessible and execute the following command from command prompt:
mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul
HPE SIM users will no longer be able to use the federated search feature after using the workaround.
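The workaround steps above as one PowerShell script, including the wait for port 50000 and a check that the file is really gone. This is an added example, not HPE's own script; `$ServiceName` and `$MxtoolDir` are assumptions you must supply, because the page gives neither the Windows service name nor the directory that `tools\multi-cms-search.xml` is relative to.

```powershell
# Added example (not from HPE). Run elevated on the HPE SIM server.
# $ServiceName and $MxtoolDir are assumptions: the page does not state them.
param(
    [Parameter(Mandatory)] [string] $ServiceName,   # HPE SIM Windows service name
    [Parameter(Mandatory)] [string] $MxtoolDir,     # directory containing tools\multi-cms-search.xml
    [string] $SimHost = 'localhost',
    [string] $War = 'C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war',
    [int] $TimeoutSeconds = 900
)
$ErrorActionPreference = 'Stop'

# A TCP connect to port 50000 stands in for "web page is accessible";
# it avoids certificate errors an HTTPS request could raise.
function Test-SimPort {
    param([string] $HostName, [int] $Port = 50000)
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($HostName, $Port); return $true }
    catch { return $false }
    finally { $client.Close() }
}

Stop-Service -Name $ServiceName

# Remove the federated search web application and confirm it is gone.
if (Test-Path -LiteralPath $War) { Remove-Item -LiteralPath $War -Force }
if (Test-Path -LiteralPath $War) { throw "simsearch.war is still present: $War" }

Start-Service -Name $ServiceName

# Wait until the SIM web port answers before running mxtool.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while (-not (Test-SimPort -HostName $SimHost)) {
    if ((Get-Date) -gt $deadline) {
        throw "Port 50000 on $SimHost not reachable after $TimeoutSeconds seconds"
    }
    Start-Sleep -Seconds 10
}

# Run the page's mxtool command unchanged, through cmd.exe so the redirections apply.
Push-Location $MxtoolDir
try {
    cmd /c 'mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul'
    if ($LASTEXITCODE -ne 0) { throw "mxtool exited with code $LASTEXITCODE" }
} finally {
    Pop-Location
}
Write-Output 'Workaround steps completed; simsearch.war is no longer deployed.'
```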
More info here
Official HPE bulletin here