Unauthenticated Java Deserialization Vulnerability in HPE Storage Essentials
CVE-2017-10992
9.8CRITICAL
What is CVE-2017-10992?
In HPE Storage Essentials version 9.5.0.142, a vulnerability exists that allows unauthenticated attackers to exploit Java deserialization. Through a crafted request directed at the invoker/JMXInvokerServlet, the flaw facilitates remote code execution, enabling unauthorized users to execute operating system commands. This security issue poses significant risks to the integrity and availability of systems utilizing this software.