HPE patches net manager

HP Enterprise has posted an urgent patch for a remote code execution bug in its iMC network management systems.

The patch is for 2015's Apache Commons Collections Java deserialisation bug. As the Carnegie-Mellon CERT explains, “the ACC InvokerTransformer class may allow arbitrary code execution when used to deserialize data from untrusted sources”.

Back in November, the SANS Institute Internet Storm Center's CTO Johannes Ullrich predicted it would take some time for vendors to work through their inventories to find out which products used the affected library.

HPE's advisory says users should patch vulnerable versions of its iMC (Intelligent Management Center Platform) systems. ®