CVE-2016-1985

Published: Jan 30, 2016Modified: May 6, 2026

10.0

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Affected (4)

Products: Hp: Operations Manager

1 product

Operations Manager

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Operations Manager	Version 8.10
Hp Operations Manager	Version 8.16
Hp Operations Manager	Version 8.1
Hp Operations Manager	Version 9.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://www.securityfocus.com/bid/82259

Source: cve@mitre.org

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/82259

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.