PT-2016-5914 · Apache+1 · Apache Commons Collections+3

Published: 2016-06-08 · Updated: 2016-06-10 · CVE-2016-4368

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

HPE Universal CMDB versions 10.0 through 10.21
HPE Universal CMDB Configuration Manager versions 10.0 through 10.21
HPE Universal Discovery versions 10.0 through 10.21

Description

The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object; the flaw is related to the Apache Commons Collections (ACC) library.

Recommendations

For HPE Universal CMDB versions 10.0 through 10.21, consider disabling the use of the Apache Commons Collections library until a patch is available.
For HPE Universal CMDB Configuration Manager versions 10.0 through 10.21, restrict access to the affected modules to minimize the risk of exploitation.
For HPE Universal Discovery versions 10.0 through 10.21, avoid using the vulnerable serialized Java object parameter in the affected API endpoints until the issue is resolved.

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2016-4368

Affected products

Apache Commons Collections
Hp Universal Cmdb
Hpe Universal Cmdb Configuration Manager
Hpe Universal Discovery