Arbitrary Command Execution via Serialized Java Object in HPE P9000 Command View Advanced Edition Software and XP7 CVAE

Arbitrary Command Execution via Serialized Java Object in HPE P9000 Command View Advanced Edition Software and XP7 CVAE

CVE-2016-2003 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Learn more about our Cis Benchmark Audit For Apache Http Server.