logo
DATABASE RESOURCES PRICING ABOUT US

H3C / HPE Intelligent Management Center Java Object Deserialization RCE

Description

The H3C or HPE Intelligent Management Center (iMC) web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted HTTP request, to execute arbitrary code on the target host. Note that Intelligent Management Center (iMC) is an HPE product; however, it is branded as H3C.


Related