Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

HP SMH - CVE 2016-2017

Koobal
Occasional Visitor

HP SMH - CVE 2016-2017

Hello,

As a result of a Security Audit we found that HP SMH is vulnerable to CVE 2016-2017.

http://www.securityfocus.com/archive/1/538556

As there is no mention of this breach in Hp SMH 7.5.5.6 (lastest version we found and installed) and the corrective did not mention it

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017

Is there a way to correct it ? is it possible to upgrade the openssl library installed with HP-SMH ?

 

Thanks for your help,

Best regards

 

2 REPLIES
Andrew_Haak
Honored Contributor

Re: HP SMH - CVE 2016-2017

That is the latest version so there is no update available, i don't believe you can update the Open SSL version used in the software. What type of hardware you you use? If it's a Gen8 or newer you should uninstall the SMH and use AMS, if it's an older type youre stuck and if you feel upto it you can place a support case with HP to find out if an update will become available soon. If possible you can restrict access to the SMH to and from the SIM server only, if your SMH is not accesable to a public network you should not be in any real problem
Kind regards,

Andrew
Koobal
Occasional Visitor

Re: HP SMH - CVE 2016-2017

Hi,

Thanks for your reply.

That's what I did (open a case), they were not aware of that breach, and maybe it will be coreccted in SMH next release (7.6)

For now they told me to deactivated AES-NI support for SMH to workaround the issue.

 

Kind regards,