HP Operations Manager for Windows 8.x and 9.0 Java Object Deserialization RCE

High Nessus Plugin ID 88562


The remote host is affected by a remote code execution vulnerability.


The version of HP Operations Manager installed on the remote host has the Sam Admin Adapter installed. This package is no longer supported by HP and is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted SOAP request, to execute arbitrary code on the target host.


Remove the Sam Admin Adapter package since it is unsupported.

See Also


Plugin Details

Severity: High

ID: 88562

File Name: hp_operations_manager_for_win_CVE-2016-1985_local.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2016/02/03

Modified: 2016/04/28

Dependencies: 88563

Risk Information

Risk Factor: High


Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:hp:operations_manager

Required KB Items: installed_sw/HP Operations Manager for Windows

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/01/29

Vulnerability Publication Date: 2015/01/28

Reference Information

CVE: CVE-2016-1985

BID: 82259

OSVDB: 129952, 130424, 133813

CERT: 576313

IAVB: 2016-B-0020

HP: HPSBGN03542, PSRT102960, emr_na-c04953244