Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/79648 - | |
References | () http://www.vmware.com/security/advisories/VMSA-2015-0009.html - Vendor Advisory |
Information
Published : 2015-12-21 03:59
Updated : 2024-11-21 02:35
NVD link : CVE-2015-6934
Mitre link : CVE-2015-6934
CVE.ORG link : CVE-2015-6934
JSON object : View
Products Affected
vmware
- vrealize_orchestrator
- vcenter_orchestrator
CWE
CWE-20
Improper Input Validation