CVE-2016-8511

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

9.8CRITICAL

EPSS

18.4%

top 4.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hewlett Packard Enterprise Network Automation HP Network Automation

Timeline

PublishedFeb 15

Latest updateMay 14

Description

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDhp/network_automation12 versions+11

▶CVEListV5hewlett_packard_enterprise/network_automationv9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20

🔴Vulnerability Details

GHSA

GHSA-g63c-vcx9-r7j7: A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9↗2022-05-14

▶

CVEList

CVE-2016-8511: A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9↗2018-02-15

▶