CVE-2016-4372

EPSS 18.2%
Veröffentlicht 15.07.2016 16:59:08
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hp ≫ Intelligent Management Center Application Performance Manager Version <= 7.2

Hp ≫ Intelligent Management Center Branch Intelligent Management System Version <= 7.2

Hp ≫ Intelligent Management Center Endpoint Admission Defense Version <= 7.2

Hp ≫ Intelligent Management Center Network Traffic Analyzer Version <= 7.2

Hp ≫ Intelligent Management Center Platform Version <= 7.2

Hp ≫ Intelligent Management Center User Access Management Version <= 7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	18.2%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/91739

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05200601

Vendor Advisory

https://www.exploit-db.com/exploits/42756/

https://nvd.nist.gov/vuln/detail/CVE-2016-4372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-4372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-4372

EUVD