HPe SIM 7.6x Software – Critical Vulnerability

Are you an HPe server customer?

This vulnerability is “found in the latest versions (7.6.x) of HPE’s SIM software and only affects the Windows version.”

Make sure to apply the Hotfix Update Kit for HPE Systems Insight Manager 7.6 ASAP!


The workaround for existing system prior to the Hotfix Update Kit issued on April 20:

  1. Stop HPE SIM Service
  2. Delete <C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war> file from sim installed path del /Q /F C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\simsearch.war
  3. Restart the HPE SIM Service
  4. Wait for HPE SIM web page “https://SIM_IP:50000” to be accessible and execute the following command from command prompt: mxtool -r -f tools\multi-cms-search.xml 1>nul 2>nul

HPE SIM users will no longer be able to use the federated search feature after using the workaround.

More info here

Official HPe bulletin here