Vulnerabilities > CVE-2016-2003 - Remote Code Execution vulnerability in HP products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2016-04-20

Updated: 2016-12-01

Summary

HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. <a href="http://cwe.mitre.org/data/definitions/502.html">CWE-502: Deserialization of Untrusted Data</a>

Vulnerable Configurations

Part	Description	Count
Application	Hp HP P9000 Command View Advanced Edition Software - HP XP7 Command View Advanced Edition Suite -	2

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438