CVE-2016-4385

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hp:network_automation:9.10:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:9.20:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:9.22:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:9.22.01:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:9.22.02:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:10.00:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:10.00.01:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:10.00.02:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:10.10:*:*:*:*:*:*:*
cpe:2.3:a:hp:network_automation:10.11:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-09-29 14:59

Updated : 2023-12-10 11:46


NVD link : CVE-2016-4385

Mitre link : CVE-2016-4385

CVE.ORG link : CVE-2016-4385


JSON object : View

Products Affected

hp

  • network_automation
CWE
CWE-502

Deserialization of Untrusted Data