VIR Vulnerability Intelligence Relay

CVE-2016-4369

high
Published 2016-06-08 · Modified 2026-05-06
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
8.8

Description

HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164819

Application impact
VendorProductVersionsFixed
hp hpdiscovery_and_dependency_mapping_inventory9.30
hp hpdiscovery_and_dependency_mapping_inventory9.31
hp hpdiscovery_and_dependency_mapping_inventory9.32

References

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.