PT-2016-5918 · Hewlett Packard+1 · Hpe Imc Ead+6
Raphael Kuhn · Published 2016-07-15 · Updated 2017-09-22 · CVE-2016-4372
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HPE iMC PLAT versions prior to 7.2 E0403P04
HPE iMC EAD versions prior to 7.2 E0405P05
HPE iMC APM versions prior to 7.2 E0401P04
HPE iMC NTA versions prior to 7.2 E0401P01
HPE iMC BIMS versions prior to 7.2 E0402P02
HPE iMC UAM TAM versions prior to 7.2 E0405P05
Description
The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Recommendations
For HPE iMC PLAT versions prior to 7.2 E0403P04, update to version 7.2 E0403P04 or later.
For HPE iMC EAD versions prior to 7.2 E0405P05, update to version 7.2 E0405P05 or later.
For HPE iMC APM versions prior to 7.2 E0401P04, update to version 7.2 E0401P04 or later.
For HPE iMC NTA versions prior to 7.2 E0401P01, update to version 7.2 E0401P01 or later.
For HPE iMC BIMS versions prior to 7.2 E0402P02, update to version 7.2 E0402P02 or later.
For HPE iMC UAM TAM versions prior to 7.2 E0405P05, update to version 7.2 E0405P05 or later.
Exploit
Fix
RCE
Affected Products
Apache Commons Collections
HPE iMC APM
HPE iMC BIMS
HPE iMC EAD
HPE iMC NTA
HPE iMC PLAT
HPE iMC UAM TAM