Remote Command Execution in HP Network Automation Software
CVE-2016-4385
7.3HIGH
What is CVE-2016-4385?
The RMI service in HP Network Automation Software versions 9.1x, 9.2x, and specific 10.x versions is vulnerable to remote command execution. This vulnerability stems from an insecure deserialization of crafted serialized Java objects, which can be exploited by attackers to execute arbitrary commands. The issue relates to weaknesses in the Apache Commons Collections and Commons BeanUtils libraries, potentially compromising system integrity and security.