CVE-2016-4385
CVE-2016-4385 is a vulnerability of currently unknown severity. The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries. EPSS estimates a 4.36% chance of exploitation in the next 30 days.
Description
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| HP | Network Automation | 9.10 |
| HP | Network Automation | 9.20 |
| HP | Network Automation | 9.22 |
| HP | Network Automation | 9.22.01 |
| HP | Network Automation | 9.22.02 |
| HP | Network Automation | 10.00 |
| HP | Network Automation | 10.00.01 |
| HP | Network Automation | 10.00.02 |
| HP | Network Automation | 10.10 |
| HP | Network Automation | 10.11 |
Source: NVD / NIST
