Rule General Information |
---|
Release Date: | 2019-04-26 | |
Rule Name: | HPE Operations Orchestration central-remoting Insecure Deserialization Vulnerability (CVE-2017-8994) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | An input validation vulnerability in HPE Operations Orchestration, all versions prior to 10.80, allows remote code execution. The vulnerability is due to the deserialization of untrusted data in central-remoting servlets. | |
Impact: | A remote, unauthenticated attacker can exploit this vulnerability by sending crafted serialized data to the target application. Successful exploitation could result in arbitrary code execution in the context of the application. | |
Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
Reference: | SecurityFocus BID: 100588, https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us , https://www.tenable.com/security/research/tra-2017-25 , https://www.tenable.com/security/research/tra-2017-28 |
|
Solutions |
---|
The vendor has released upgrade patches to fix the vulnerability. Please visit: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us |