HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
2016-06-08T14:59:59.880
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | hp | universal_cmbd_foundation | 10.0 | Yes |
| Application | hp | universal_cmbd_foundation | 10.01 | Yes |
| Application | hp | universal_cmbd_foundation | 10.10 | Yes |
| Application | hp | universal_cmbd_foundation | 10.11 | Yes |
| Application | hp | universal_cmbd_foundation | 10.20 | Yes |
| Application | hp | universal_cmbd_foundation | 10.21 | Yes |
| Application | hp | universal_cmbd_configuration_manager | 10.0 | Yes |
| Application | hp | universal_cmbd_configuration_manager | 10.01 | Yes |
| Application | hp | universal_cmbd_configuration_manager | 10.10 | Yes |
| Application | hp | universal_cmbd_configuration_manager | 10.11 | Yes |
| Application | hp | universal_cmbd_configuration_manager | 10.20 | Yes |
| Application | hp | universal_cmbd_configuration_manager | 10.21 | Yes |
| Application | hp | universal_discovery | 10.0 | Yes |
| Application | hp | universal_discovery | 10.01 | Yes |
| Application | hp | universal_discovery | 10.10 | Yes |
| Application | hp | universal_discovery | 10.11 | Yes |
| Application | hp | universal_discovery | 10.20 | Yes |
| Application | hp | universal_discovery | 10.21 | Yes |