Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest versions of its HPE Systems Insight Manager (SIM) software for Windows and Linux.HPE SIM is a managementand remote support automation solution for multiple HPE solutions, including servers, storage, and networking products.The flaw stems from the lack of proper validation of user-supplied data that can result in the deserialization of untrusted data. The vulnerability could be exploited by attackers with no privileges without user interaction.

Source: securityaffairs.com