CVE-2016-4372

CRITICAL

HPE iMC PLAT <7.2 - RCE

Title source: llm

Description

HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Exploits (1)

exploitdb WORKING POC

by Raphael Kuhn · pythonremotejava

https://www.exploit-db.com/exploits/42756

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05200601

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91739

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42756/

Scores

CVSS v3 9.8

EPSS 0.1020

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (6)

hp/intelligent_management_center_application_performance_manager < 7.2

hp/intelligent_management_center_branch_intelligent_management_system < 7.2

hp/intelligent_management_center_endpoint_admission_defense < 7.2

hp/intelligent_management_center_network_traffic_analyzer < 7.2

hp/intelligent_management_center_platform < 7.2

hp/intelligent_management_center_user_access_management < 7.2

Published Jul 15, 2016

Tracked Since Feb 18, 2026