Remote Code Execution Vulnerability in HP Business Service Management
CVE-2016-4405
8.8 HIGH
Summary
A remote code execution vulnerability exists in HP Business Service Management due to improper handling of Java deserialization in Apache Commons Collections. An attacker can execute arbitrary code on the server by sending a crafted request that the affected application processes. HP BSM versions v9.20 to v9.26 are susceptible, and exploitation can compromise the integrity and availability of the system. Users of affected versions should apply the available patches promptly to mitigate this risk.
Affected Version(s)
HP Business Service Manager v9.20-v9.26
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved