CVE-2016-4369

Published: Jun 8, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Affected (3)

Products: Hp: Discovery And Dependency Mapping Inventory

1 product

Discovery And Dependency Mapping Inventory

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Hp Discovery And Dependency Mapping Inventory	Version 9.30
Hp Discovery And Dependency Mapping Inventory	Version 9.31
Hp Discovery And Dependency Mapping Inventory	Version 9.32

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164819

Source: cve@mitre.org

Vendor Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164819

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.