Hard-coded credentials for the diagnostics user can be used to authenticate in the UCMDB component.
Then a java deserialization vulnerability present in several endpoints of the UCMDB service can be used to execute OS commands.
Then a java deserialization vulnerability present in several endpoints of the UCMDB service can be used to execute OS commands.
CVE Link
Exploit Type
Product Name