Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/79648 | |
http://www.vmware.com/security/advisories/VMSA-2015-0009.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-12-21 03:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-6934
Mitre link : CVE-2015-6934
CVE.ORG link : CVE-2015-6934
JSON object : View
Products Affected
vmware
- vcenter_orchestrator
- vrealize_orchestrator
CWE
CWE-20
Improper Input Validation