Critical severity9.8NVD Advisory· Published Jun 8, 2016· Updated May 6, 2026
CVE-2016-4368
CVE-2016-4368
Description
HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Affected products
18cpe:2.3:a:hp:universal_cmbd_foundation:10.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:hp:universal_cmbd_foundation:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_foundation:10.01:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_foundation:10.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_foundation:10.11:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_foundation:10.20:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_foundation:10.21:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_cmbd_configuration_manager:10.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:hp:universal_cmbd_configuration_manager:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_configuration_manager:10.01:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_configuration_manager:10.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_configuration_manager:10.11:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_configuration_manager:10.20:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_cmbd_configuration_manager:10.21:*:*:*:*:*:*:*
cpe:2.3:a:hp:universal_discovery:10.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:hp:universal_discovery:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_discovery:10.01:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_discovery:10.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_discovery:10.11:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_discovery:10.20:*:*:*:*:*:*:*
- cpe:2.3:a:hp:universal_discovery:10.21:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdVendor Advisory
News mentions
0No linked articles in our index yet.