HP Operations Orchestration Arbitrary Code Execution Vulnerability (CVE-2016-1997)
Release date:
Updated on:
Affected Systems:
HP Operations Orchestration < 10.51
Description:
CVE (CAN) ID: CVE-2016-1997
HP Operations Orchestration is an O&M runbook automation platform that automates changes to and deployment of client devices and data center infrastructure.
Versions of HP Operations Orchestration earlier than v10.51 contain a vulnerability in how Apache Commons Collections (ACC) handles Java object deserialization. It can be exploited remotely to execute arbitrary code.
<* Source: HP
Link: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05050545
*>
Suggestion:
Vendor patch:
HP
--
HP has released a security bulletin (HPSBGN03560) and a corresponding patch for this issue:
HPSBGN03560: HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution
Link: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05050545
Patch download:
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02017066?lang=en&cc=us&hpappid=202392_OSP_PRO_HPE
http://support.openview.hp.com/selfsolve/document/LID/OO_00037
https://hpln.hpe.com/contentoffering/hp-oo-base-content