CVE-2020-7200
published 2020-12-18CVE-2020-7200: A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote…
PriorityP184critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
81.89%
99.6th percentile
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | systems_insight_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated HTTP POST requests to /simsearch/messagebroker/amfsecure on HPE SIM 7.6.x hosts; this endpoint is the attack vector for the insecure AMF deserialization RCE. ↗
- →Alert on unexpected child processes or network connections spawned by hpsimsvc.exe, as successful exploitation results in code execution under that administrative process. ↗
- →Check Point IPS blade signature 'HPE Insight Manager Insecure Deserialization (CVE-2020-7200)' can be used for network-level detection. ↗
- →The exploit leverages the bundled Commons Collections 3.2.2 library shipped with HPE SIM for gadget-chain deserialization; detect deserialization payloads characteristic of Commons Collections gadget chains in AMF traffic. ↗
- ·Vulnerability is exploitable with no privileges required and low attack complexity, meaning no authentication bypass is needed — any network-reachable attacker can trigger it. ↗
- ·Only HPE SIM version 7.6.x on Windows is affected; other versions or platforms are not confirmed vulnerable. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Checkpoint
31st May – Threat Intelligence Report
blogs_checkpoint·2021-05-31
CVE-2020-7200 31st May – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 31st May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st May, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Check Point Research has conducted a joint investigation into an ongoing and highly targeted campaign against China’s Uyghur minority, using messages and sites impersonating UN and human rights groups. The attackers deployed malware capable of exfiltrating information and gaining control of victim PCs.
The Russian-based hackers
Checkpoint
21st December – Threat Intelligence Bulletin
blogs_checkpoint·2020-12-21
CVE-2020-7200 21st December – Threat Intelligence Bulletin
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 21st December – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 21st December, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Additional companies have been breached in the high-profile SolarWinds supply chain attack exposed last week. In addition to several US government agencies , Microsoft has confirmed that it was compromised, but states that no customer information or production services were accessed. The nation-state actors have also
Greynoiseio
NoiseLetter February 2026
blogs_greynoiseio
NoiseLetter February 2026
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
http://packetstormsecurity.com/files/161721/HPE-Systems-Insight-Manager-AMF-Deserialization-Remote-Code-Execution.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04068en_ushttp://packetstormsecurity.com/files/161721/HPE-Systems-Insight-Manager-AMF-Deserialization-Remote-Code-Execution.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04068en_us
2020-12-18
Published