CERT warns of an unpatched vulnerability in HP s Insight Diagnostics server management software that could lead to remote code execution attacks. There is currently no fix available for the problem. When all of the vulnerabilities are combined, an attacker could remotely execute arbitrary PHP commands on a server with administrator privileges. The bugs were dug up by Markus Wulftange, a security consultant at the German IT firm Daimler TSS, according to CERT. In the past, when it comes to fixes, HP usually sends updates to customers when patches are released for their products.
Source: https://threatpost.com/cert-warns-of-vulnerabilities-in-hp-insight-diagnostics/100922/