Remote Command Execution Vulnerability in HPE Operations Manager Software
CVE-2016-1985

10CRITICAL

Key Information:

Vendor: HP
Status: Operations Manager
Vendor: CVE Published:; 30 January 2016

What is CVE-2016-1985?

A vulnerability in HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands by leveraging a crafted serialized Java object. This issue is associated with the Apache Commons Collections library, which plays a crucial role in the deserialization process. Exploiting this vulnerability can lead to unauthorized command execution and potential takeover of the affected systems. It is important for users to apply the necessary patches or updates to safeguard against this threat.

References

http://www.securityfocus.com/bid/82259

vdb-entryx_refsource_BID

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2016
Vulnerability Reserved
Jan 22, 2016