Vulnerability Change Records for CVE-2016-4385

Change History

CVE Modified by MITRE 11/02/2017 9:29:02 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.tenable.com/security/research/tra-2016-27 [No Types Assigned]
Removed Reference
http://www.tenable.com/security/research/tra-2016-27 [No Types Assigned]

								
						

CVE Modified by MITRE 11/28/2016 3:17:47 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/93109 [No Types Assigned]

Modified Analysis 9/29/2016 4:18:30 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:a:hp:network_automation:9.10:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:9.20:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:9.22:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:9.22.01:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:9.22.02:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:10.00:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:10.00.01:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:10.00.02:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:10.10:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:network_automation:10.11:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Added CWE

								
							
							
						
CWE-502
Changed Reference Type
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05279098 No Types Assigned
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05279098 Vendor Advisory

CVE Modified by Source 10/11/2016 10:2:54 PM

Action Type Old Value New Value
Changed Description
HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons BeanUtils libraries.
Added Reference

								
							
							
						
http://www.tenable.com/security/research/tra-2016-27
Added Reference

								
							
							
						
http://www.zerodayinitiative.com/advisories/ZDI-16-523/
Added Reference

								
							
							
						
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05279098

CVE Translated 10/12/2016 3:45:01 PM

Action Type Old Value New Value
Added Translation

								
							
							
						
El servicio RMI en HP Network Automation Software 9.1x, 9.2x, 10.0x en versiones anteriores a 10.00.02.01 y 10.1x en versiones anteriores a 10.11.00.01 permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con las bibliotecas Apache Commons Collections (ACC) y Commons BeanUtils.
Removed Translation
HP Network Automation Software 9.1x, 9.2x, 10.0x en versiones anteriores a 10.00.02.01 y 10.1x en versiones anteriores a 10.11.00.01 permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la biblioteca Apache Commons Collections (ACC).

								
						

CVE Translated 9/29/2016 10:45:00 PM

Action Type Old Value New Value

CVE Modified by MITRE 2/16/2018 9:29:00 PM

Action Type Old Value New Value
Removed Reference
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05279098 [Vendor Advisory]