SynopsisThe remote host is affected by a remote code execution vulnerability.
DescriptionThe version of HP Operations Orchestration running on the remote host is 10.x prior to 10.70. It is, therefore, affected by a remote code execution vulnerability in the wsExecutionBridgeService servlet due to improper validation of user-supplied input before deserialization. An unauthenticated, remote attacker can exploit this, by sending a crafted serialized Java object, to execute arbitrary code.
Note that this vulnerability only affects the Community and Enterprise editions.
SolutionUpgrade to HP Operations Orchestration version 10.70 or later.