PT-2016-5918 · Hewlett Packard+1 · Hpe Imc Ead+6
Raphael Kuhn · Published 2016-07-15 · Updated 2017-09-22 · CVE-2016-4372
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HPE iMC PLAT versions prior to 7.2 E0403P04
HPE iMC EAD versions prior to 7.2 E0405P05
HPE iMC APM versions prior to 7.2 E0401P04
HPE iMC NTA versions prior to 7.2 E0401P01
HPE iMC BIMS versions prior to 7.2 E0402P02
HPE iMC UAM TAM versions prior to 7.2 E0405P05
Description
The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Recommendations
For HPE iMC PLAT versions prior to 7.2 E0403P04, update to version 7.2 E0403P04 or later.
For HPE iMC EAD versions prior to 7.2 E0405P05, update to version 7.2 E0405P05 or later.
For HPE iMC APM versions prior to 7.2 E0401P04, update to version 7.2 E0401P04 or later.
For HPE iMC NTA versions prior to 7.2 E0401P01, update to version 7.2 E0401P01 or later.
For HPE iMC BIMS versions prior to 7.2 E0402P02, update to version 7.2 E0402P02 or later.
For HPE iMC UAM TAM versions prior to 7.2 E0405P05, update to version 7.2 E0405P05 or later.
Exploit
Fix
RCE
Affected products
Apache Commons Collections
Hpe Imc Apm
Hpe Imc Bims
Hpe Imc Ead
Hpe Imc Nta
Hpe Imc Plat
Hpe Imc Uam Tam