CVE-2020-7136
CRITICAL EXPLOITED NUCLEIHPE Smart Update Manager <8.5.6 - Info Disclosure
Title source: llmExploitation Summary
CVE-2020-7136 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).
Nuclei Templates (1)
HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access
CRITICALby gy741
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03997en_us
Scores
CVSS v3
9.8
EPSS
0.7952
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-08-14
Status
published
Products (1)
hpe/smart_update_manager
< 8.5.6
Published
Apr 30, 2020
Tracked Since
Feb 18, 2026