CVE-2016-4385

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
7.3HIGH
EPSS
3.7%
top 12.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Network Automation
Timeline
PublishedSep 29
Latest updateMay 14

Description

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages1 packages

NVDhp/network_automation10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-h55m-qj4r-qv59: The RMI service in HP Network Automation Software 92022-05-14
CVEList
CVE-2016-4385: The RMI service in HP Network Automation Software 92016-09-29
CVE-2016-4385 (HIGH CVSS 7.3) | The RMI service in HP Network Autom | cvebase.io