Zero-Day Advisory
Fortinet Discovers HPE Content Manager Workgroup Service Remote DoS Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Denial of Service (DoS) vulnerability in HPE Content Manager Workgroup Service.
HPE Content Manager, formerly Records Manager, is a governance-based enterprise content management system designed to help government agencies, regulated industries and global organizations manage their business content from creation to disposal.
A remote DoS vulnerability has been identified in HPE Content Manager Workgroup Service. The vulnerability exists because HPE Content Manager Workgroup Service does not properly deal with specially crafted network packet.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:HPE.Content.Manager.Workgroup.Service.DoS
Released Mar 23, 2017
Users should apply the solution provided by HPE.
Additional Information
Fortinet reported the vulnerability to HPE on February 15, 2017.
HPE released patch for it on November 6, 2017.
References
Acknowledgement
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.