CVE-2016-2000

Name of the Vulnerable Software and Affected Versions HPE Asset Manager versions 9.40 through 9.50 Asset Manager CloudSystem Chargeback version 9.40

Description The issue is related to incorrect data processing, allowing a remote attacker to execute arbitrary commands using a specially crafted serialized Java object associated with the Apache Commons Collections library.

Recommendations For HPE Asset Manager versions 9.40 through 9.50, consider disabling the use of the Apache Commons Collections library until a patch is available. For Asset Manager CloudSystem Chargeback version 9.40, restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.