CVE-2016-4372: Input Validation
First published: Fri Jul 15 2016(Updated: )
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Intelligent Management Center Application Performance Manager | <=7.2 | |
| HP Intelligent Management Center | <=7.2 | |
| HP Endpoint Admission Defense | <=7.2 | |
| HP Intelligent Management Center Network Traffic Analyzer | <=7.2 | |
| HP Intelligent Management Center Platform | <=7.2 | |
| Hewlett Packard Enterprise Intelligent Management Center | <=7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4372?
CVE-2016-4372 has a high severity rating due to its ability to allow remote attackers to execute arbitrary commands.
How do I fix CVE-2016-4372?
To fix CVE-2016-4372, you should update your affected HPE Intelligent Management Center software to the latest version that resolves the vulnerability.
What systems are affected by CVE-2016-4372?
CVE-2016-4372 affects several versions of HPE Intelligent Management Center components, including Application Performance Manager, Endpoint Admission Defense, and Network Traffic Analyzer before version 7.2 E0405P05.
What type of vulnerability is CVE-2016-4372?
CVE-2016-4372 is classified as a remote command execution vulnerability caused by processing crafted serialized Java objects.
When was CVE-2016-4372 disclosed?
CVE-2016-4372 was disclosed in 2016 and impacts various versions of HPE iMC software prior to updates released in 2017.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp intelligent management center application performance manager
- version/hp intelligent management center application performance manager/7.2
- canonical/hp intelligent management center
- version/hp intelligent management center/7.2
- canonical/hp endpoint admission defense
- version/hp endpoint admission defense/7.2
- canonical/hp intelligent management center network traffic analyzer
- version/hp intelligent management center network traffic analyzer/7.2
- canonical/hp intelligent management center platform
- version/hp intelligent management center platform/7.2
- canonical/hewlett packard enterprise intelligent management center
- version/hewlett packard enterprise intelligent management center/7.2