PT-2016-5919 · Hewlett Packard+1 · Hp Operations Manager+1

Published

2016-08-01

Updated

2016-11-28

CVE-2016-4373

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Operations Manager (OM) versions prior to 9.21.130

Description The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. This is due to a flaw in the AdminUI component of HPE Operations Manager.

Recommendations For HPE Operations Manager (OM) versions prior to 9.21.130, update to version 9.21.130 or later to resolve the issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2016-4373

Affected Products

Apache Commons Collections

Hp Operations Manager

PT-2016-5919 · Hewlett Packard+1 · Hp Operations Manager+1

CVE-2016-4373

Weakness Enumeration

Related Identifiers

Affected Products

References · 4