PT-2016-5930 · Apache · Apache Commons Collections

Jacob Baines · Published 2016-09-21 · Updated 2018-02-17 · CVE-2016-4385

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

HP Network Automation Software versions 9.1x through 9.2x
HP Network Automation Software versions 10.0x through 10.00.02.00
HP Network Automation Software versions 10.1x through 10.10.99.99

Description

The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections and Commons BeanUtils libraries. The root cause is a deserialization of untrusted data vulnerability in the RMI service.

Recommendations

For HP Network Automation Software versions 9.1x through 9.2x, update to version 10.00.02.01 or later.
For HP Network Automation Software versions 10.0x through 10.00.02.00, update to version 10.00.02.01 or later.
For HP Network Automation Software versions 10.1x through 10.10.99.99, update to version 10.11.00.01 or later.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related identifiers

CVE-2016-4385
ZDI-16-523

Affected products

Apache Commons Beanutils
Apache Commons Collections
Hpe Network Automation