CVE-2016-4368 — Improper Input Validation in HP Universal Cmbd Configuration Manager
Severity
9.8CRITICALNVD
EPSS
1.2%
top 20.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 8
Latest updateMay 17
Description
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9