Remote Command Execution Vulnerability in HPE Universal CMDB and Related Products
CVE-2016-4368

9.8CRITICAL

Key Information:

Vendor: HP
Status: Universal Cmbd Foundation
Vendor: CVE Published:; 8 June 2016

Summary

Hewlett Packard Enterprise's Universal CMDB and its associated configuration and discovery tools are susceptible to a vulnerability that allows remote attackers to execute arbitrary commands. This occurs through the deserialization of crafted Java objects that impact the Apache Commons Collections library. The flaw is present in versions ranging from 10.0 to 10.21, making it critical for users to ensure their installations are updated and secured against potential remote exploits.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2016
Vulnerability Reserved
Apr 29, 2016