CVE-2016-4372

high-risk

Published 2016-07-15

HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Do I need to act?

10.2% chance of exploitation in next 30 days

EPSS score — higher than 90% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

42756

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Intelligent Management Center Platform

Intelligent Management Center Application Performance Manager

Intelligent Management Center Branch Intelligent Management System

Intelligent Management Center Endpoint Admission Defense

Intelligent Management Center Network Traffic Analyzer

Intelligent Management Center User Access Management

Affected Vendors

References (6)

http://www.securityfocus.com/bid/91739

Vendor Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...

https://www.exploit-db.com/exploits/42756/

http://www.securityfocus.com/bid/91739

Vendor Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...

https://www.exploit-db.com/exploits/42756/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 11/34 · Low

Exposure 13/34 · Low