CVE-2016-1998

HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Published: Mar 22, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1998
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
hp / service_manager	9.41	9.41.x
hp / service_manager	9.33	9.33.x
hp / service_manager	9.35	9.35.x
hp / service_manager	9.32	9.32.x
hp / service_manager	9.30	9.30.x
hp / service_manager	9.40	9.40.x
hp / service_manager	9.34	9.34.x
hp / service_manager	9.31	9.31.x

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565

Vulnerability Database

289,697

CVE-2016-1998