High severity7.3NVD Advisory· Published Sep 29, 2016· Updated May 6, 2026

CVE-2016-4385

Description

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/93109nvd
www.zerodayinitiative.com/advisories/ZDI-16-523/nvd
h20566.www2.hpe.com/hpsc/doc/public/displaynvd
www.tenable.com/security/research/tra-2016-27nvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000