PT-2016-5919 · Hewlett Packard+1 · Hp Operations Manager+1

Publicado

2016-08-01

Atualizado

2016-11-28

CVE-2016-4373

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Operations Manager (OM) versions prior to 9.21.130

Description The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. This is due to a flaw in the AdminUI component of HPE Operations Manager.

Recommendations For HPE Operations Manager (OM) versions prior to 9.21.130, update to version 9.21.130 or later to resolve the issue.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2016-4373

Produtos afetados

Apache Commons Collections

Hp Operations Manager

PT-2016-5919 · Hewlett Packard+1 · Hp Operations Manager+1

CVE-2016-4373

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4