The H3C or HPE Intelligent Management Center (iMC) web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted HTTP request, to execute arbitrary code on the target host.
Note that Intelligent Management Center (iMC) is an HPE product;
however, it is branded as H3C.
Binary data hp_imc_cve-2016-4372.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
hp | intelligent_management_center | cpe:/a:hp:intelligent_management_center |