SynopsisAn application running on the remote host is affected by a remote code execution vulnerability.
DescriptionThe HP Network Automation application running on the remote host is version 9.1x, 9.2x, 10.00.x prior to 10.00.02.01, 10.10.x, or 10.11.x prior to 10.11.00.01. It is, therefore, affected by a remote code execution vulnerability in the RMI registry due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted request, to execute arbitrary code on the target host.
SolutionApply the appropriate patch according to the vendor advisory.