HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)

An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability sending a request with crafted serialized data to the exposed RPCServlet. Successful exploitation would result in the execution of arbitrary code under the context of the process.

Leave a Reply