HP Intelligent Management Center Java Object Deserialization RCE
Critical Nessus Plugin ID 93097
Synopsis: A web application hosted on the remote web server is affected by a remote code execution vulnerability.
Description: The version of HP Intelligent Management Center (IMC) installed on the remote Windows host is prior to 7.2. It is, therefore, affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted HTTP request, to execute arbitrary code on the target host.
Solution: Upgrade to HP IMC version 7.2 E0403P04 or later.