CNVD-2016-04031

Vulnerability from cnvd - Published: 2016-06-15
VLAI Severity ?
Title
HPE Discovery and Dependency Mapping Inventory任意命令执行漏洞
Description
HPE Discovery and Dependency Mapping Inventory(DDMi)是美国惠普企业(Hewlett Packard Enterprise,HPE)公司的一套用于自动发现和记录客户端设备信息来帮助IT部门管理、控制成本和风险的解决方案。Apache Commons Collections(ACC)是美国阿帕奇(Apache)软件基金会的一个Apache Commons项目的Commons Proper(可重复利用Java组件库)中的组件。 HPE DDMi的ACC中存在任意命令执行漏洞。远程攻击者可借助序列化的Java对象,利用该漏洞执行任意命令。
Severity
Patch Name
HPE Discovery and Dependency Mapping Inventory任意命令执行漏洞的补丁
Patch Description
HPE Discovery and Dependency Mapping Inventory(DDMi)是美国惠普企业(Hewlett Packard Enterprise,HPE)公司的一套用于自动发现和记录客户端设备信息来帮助IT部门管理、控制成本和风险的解决方案。Apache Commons Collections(ACC)是美国阿帕奇(Apache)软件基金会的一个Apache Commons项目的Commons Proper(可重复利用Java组件库)中的组件。 HPE DDMi的ACC中存在任意命令执行漏洞。远程攻击者可借助序列化的Java对象,利用该漏洞执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164819

Reference
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164819
Impacted products
Name
['HP Discovery and Dependency Mapping Inventory 9.30', 'HP Discovery and Dependency Mapping Inventory 9.31', 'HP Discovery and Dependency Mapping Inventory 9.32', 'HP Discovery and Dependency Mapping Inventory 9.32 update 1', 'HP Discovery and Dependency Mapping Inventory 9.32 update 2', 'HP Discovery and Dependency Mapping Inventory 9.32 update 3']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4369"
    }
  },
  "description": "HPE Discovery and Dependency Mapping Inventory\uff08DDMi\uff09\u662f\u7f8e\u56fd\u60e0\u666e\u4f01\u4e1a\uff08Hewlett Packard Enterprise\uff0cHPE\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u81ea\u52a8\u53d1\u73b0\u548c\u8bb0\u5f55\u5ba2\u6237\u7aef\u8bbe\u5907\u4fe1\u606f\u6765\u5e2e\u52a9IT\u90e8\u95e8\u7ba1\u7406\u3001\u63a7\u5236\u6210\u672c\u548c\u98ce\u9669\u7684\u89e3\u51b3\u65b9\u6848\u3002Apache Commons Collections\uff08ACC\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2aApache Commons\u9879\u76ee\u7684Commons Proper\uff08\u53ef\u91cd\u590d\u5229\u7528Java\u7ec4\u4ef6\u5e93\uff09\u4e2d\u7684\u7ec4\u4ef6\u3002\r\n\r\nHPE DDMi\u7684ACC\u4e2d\u5b58\u5728\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e8f\u5217\u5316\u7684Java\u5bf9\u8c61\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "HP",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164819",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04031",
  "openTime": "2016-06-15",
  "patchDescription": "HPE Discovery and Dependency Mapping Inventory\uff08DDMi\uff09\u662f\u7f8e\u56fd\u60e0\u666e\u4f01\u4e1a\uff08Hewlett Packard Enterprise\uff0cHPE\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u81ea\u52a8\u53d1\u73b0\u548c\u8bb0\u5f55\u5ba2\u6237\u7aef\u8bbe\u5907\u4fe1\u606f\u6765\u5e2e\u52a9IT\u90e8\u95e8\u7ba1\u7406\u3001\u63a7\u5236\u6210\u672c\u548c\u98ce\u9669\u7684\u89e3\u51b3\u65b9\u6848\u3002Apache Commons Collections\uff08ACC\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2aApache Commons\u9879\u76ee\u7684Commons Proper\uff08\u53ef\u91cd\u590d\u5229\u7528Java\u7ec4\u4ef6\u5e93\uff09\u4e2d\u7684\u7ec4\u4ef6\u3002\r\n\r\nHPE DDMi\u7684ACC\u4e2d\u5b58\u5728\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e8f\u5217\u5316\u7684Java\u5bf9\u8c61\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HPE Discovery and Dependency Mapping Inventory\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP Discovery and Dependency Mapping Inventory 9.30",
      "HP Discovery and Dependency Mapping Inventory 9.31",
      "HP Discovery and Dependency Mapping Inventory 9.32",
      "HP Discovery and Dependency Mapping Inventory 9.32 update 1",
      "HP Discovery and Dependency Mapping Inventory 9.32 update 2",
      "HP Discovery and Dependency Mapping Inventory 9.32 update 3"
    ]
  },
  "referenceLink": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164819",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-13",
  "title": "HPE Discovery and Dependency Mapping Inventory\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.