CVE-2016-1985
CRITICALHPE Operations Manager 8.x and 9.0 - Remote Code Execution via Apache Commons Collections Deserialization
Title source: llmDescription
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/82259
Patch, Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244
Scores
CVSS v3
10.0
EPSS
0.0323
EPSS Percentile
87.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (4)
hp/operations_manager
8.1
hp/operations_manager
8.10
hp/operations_manager
8.16
hp/operations_manager
9.0
Published
Jan 30, 2016
Tracked Since
Feb 18, 2026