HPE.IMC.AccessMgrServlet.className.Insecure.Deserialization
Description
This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in HP Intelligent Management Center.
A remote, authenticated attacker can exploit this vulnerability by sending a request message with a serialized object of class MgrReqMsg with a specially crafted className class member. Successful exploitation results in the execution of arbitrary code under the context of the SYSTEM or root user.
Affected Products
HP Intelligent Management Center 7.3 E0506P09 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |