Arbitrary command execution in HPE Service Manager - CVE-2016-1998
Published: July 15, 2016 / Updated: July 18, 2016
Vulnerability identifier: #VU152
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-1998
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Hewlett Packard Enterprise Development LP
Affected software:
HPE Service Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists in HPE Service Manager. A remote attacker can execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
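For defenders triaging traffic to an affected host, the following added example (not part of the advisory or any HPE code) scans a captured request body for Java serialized streams, raw or base64-encoded, and reports class descriptors from the Apache Commons Collections package. The function names, the watch-list prefix and the sample bytes are assumptions constructed for illustration.

```python
import base64
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"      # Java STREAM_MAGIC + STREAM_VERSION
B64_STREAM = re.compile(rb"rO0AB[A-Za-z0-9+/]*={0,2}")  # same header, base64-encoded
NAME_OK = re.compile(rb"\[*[A-Za-z_$][\w$.;]*")          # plausible JVM class name
WATCHED = ("org.apache.commons.collections.",)           # assumption: watch-list prefix

def candidate_streams(blob):
    """Yield raw and base64-decoded serialized streams found in a request body."""
    if STREAM_MAGIC in blob:
        yield blob[blob.index(STREAM_MAGIC):]
    for m in B64_STREAM.finditer(blob):
        text = m.group().rstrip(b"=")
        if len(text) % 4 == 1:          # impossible length: drop the stray character
            text = text[:-1]
        yield base64.b64decode(text + b"=" * (-len(text) % 4))

def class_names(stream):
    """Heuristic scan for TC_CLASSDESC (0x72) records: name, 8-byte UID, flags."""
    names, i = [], len(STREAM_MAGIC)
    while (i := stream.find(b"\x72", i)) != -1:
        i += 1
        if i + 2 > len(stream):
            break
        (n,) = struct.unpack_from(">H", stream, i)
        name, tail = stream[i + 2:i + 2 + n], stream[i + 2 + n:i + 11 + n]
        if (len(name) == n and len(tail) == 9 and NAME_OK.fullmatch(name)
                and tail[8] & 0x06 and not tail[8] & ~0x1F):   # valid SC_* flag bits
            names.append(name.decode("ascii"))
            i += 11 + n                  # skip past the record just parsed
    return names

def watched_classes(blob):
    """Return watched class names declared in any stream inside blob."""
    hits = set()
    for stream in candidate_streams(blob):
        hits.update(n for n in class_names(stream) if n.startswith(WATCHED))
    return sorted(hits)

# Constructed samples: field-less class descriptors with invented class names.
def _record(name):
    raw = name.encode()
    return b"\x73\x72" + struct.pack(">H", len(raw)) + raw + bytes(8) + b"\x02\x00\x00\x78\x70"

BENIGN = STREAM_MAGIC + _record("com.example.Ticket")
SUSPECT = BENIGN + _record("org.apache.commons.collections.ConstructedSample")
WRAPPED = b"state=" + base64.b64encode(SUSPECT) + b"&id=7"
```

The scan is name-based triage for captured request bodies; it does not parse the full stream grammar, so treat a hit as a lead to investigate.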