CVE-2016-1997

Published: Mar 22, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Affected (10)

Products: Hp: Operations Orchestration, Operations Orchestration Content

2 products

Operations Orchestration

Operations Orchestration Content

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Hp Operations Orchestration	Version 10.01
Hp Operations Orchestration	Version 10.02
Hp Operations Orchestration	Version 10.0
Hp Operations Orchestration	Version 10.10
Hp Operations Orchestration	Version 10.20
Hp Operations Orchestration	Version 10.21
Hp Operations Orchestration	Version 10.22.1
Hp Operations Orchestration	Version 10.22
Hp Operations Orchestration	Version 10.50
Hp Operations Orchestration Content	Up to 1.5.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05050545

Source: cve@mitre.org

PatchVendor Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05050545

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.