HP Operations Manager for Windows 8.x and 9.0 Java Object Deserialization RCE
High Nessus Plugin ID 88562
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The version of HP Operations Manager installed on the remote host has the Sam Admin Adapter installed. This package is no longer supported by HP and is affected by a remote code execution vulnerability caused by unsafe deserialization of unauthenticated Java objects, which involves the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this by sending a crafted SOAP request to execute arbitrary code on the target host.
Solution
Remove the Sam Admin Adapter package since it is unsupported.