Remote Command Execution Vulnerability in HPE P9000 Command View Software
CVE-2016-2003

9.8CRITICAL

Key Information:

Vendor: HP
Status: Xp7 Command View Advanced Edition Suite; P9000 Command View Advanced Edition Software
Vendor: CVE Published:; 20 April 2016

Summary

The HPE P9000 Command View Advanced Edition Software versions 7.x and 8.x prior to 8.4.0-00 are susceptible to a remote command execution risk. This vulnerability arises from the improper handling of serialized Java objects related to the Apache Commons Collections library, allowing adversaries to execute arbitrary commands remotely. Users of affected versions should prioritize updating their software to mitigate potential exploitation.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 20, 2016
Vulnerability Reserved
Jan 22, 2016