HP Operations Orchestration Arbitrary Code Execution Vulnerability (CVE-2016-1997)

HP Operations Orchestration Arbitrary Code Execution Vulnerability (CVE-2016-1997)
HP Operations Orchestration Arbitrary Code Execution Vulnerability (CVE-2016-1997)

Release date:
Updated on:

Affected Systems:

HP Operations Orchestration 〈　10.51

Description:

CVE (CAN) ID: CVE-2016-1997

HP Operations Orchestration is an automated O & M manual platform that automates the change and deployment of client devices and data center infrastructure.

In versions earlier than HP Operations Orchestration v10.51, there is a security vulnerability in ACC that handles Java object deserialization, which can be exploited remotely to execute arbitrary code.

<* Source: HP

Link: https://h20564.www2.hpe.com/hpsc/doc/public/display? DocId = emr_na-c05050545
*>

Suggestion:

Vendor patch:

HP
--
HP has released a Security Bulletin (HPSBGN03560) for this purpose and the corresponding patch:
HPSBGN03560: HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution
Link: https://h20564.www2.hpe.com/hpsc/doc/public/display? DocId = emr_na-c05050545

Patch download:

Https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02017066? Lang = en & cc = us & hpappid = 202392_OSP_PRO_HPE

Http://support.openview.hp.com/selfsolve/document/LID/OO_00037

Https://hpln.hpe.com/contentoffering/hp-oo-base-content

This article permanently updates the link address: