CVE-2016-4405

HIGH

HP BSM <9.26 - RCE

Title source: llm

Description

A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94183

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05327447

Scores

CVSS v3 8.8

EPSS 0.1535

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

hp/business_service_management < 9.26

Timeline

Published Aug 06, 2018

Tracked Since Feb 18, 2026