CVE-2016-4372

9.8CRITICAL

Key Information:

Vendor
HP
Status
Intelligent Management Center Endpoint Admission Defense
Intelligent Management Center Network Traffic Analyzer
Intelligent Management Center Application Performance Manager
Intelligent Management Center Platform
Vendor
CVE Published:
15 July 2016

Summary

HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

References

https://www.exploit-db.com/exploits/42756/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/91739
vdb-entryx_refsource_BID
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.