9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Apache Commons Collections and Apache Groovy vulnerabilities for handling Java object deserialization were addressed by IBM UrbanCode Build
CVE-ID: CVE-2015-7450 **Description:**Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. **CVSS Base Score: **9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107918> for the current score *CVSS Environmental Score:**Undefined **CVSS Vector: **(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-ID: CVE-2015-3253 **Description:**Apache Groovy could allow a remote attacker to execute arbitrary code on the system, caused by the failure to isolate serialization code when using standard Java serialization mechanim to communicate between servers. An attacker could exploit this vulnerability to deserialize objects and execute arbitrary code on the system or cause a denial of service. **CVSS Base Score: **7.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104819> for the current score *CVSS Environmental Score:**Undefined **CVSS Vector: **(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/C:L/I:L/A:L)
IBM UrbanCode Build 6.1.0, 6.1.0.1, 6.1.0.2, and 6.1.1 on all supported platforms.
Upgrade to IBM UrbanCode Build 6.1.1.1.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm urbancode build | eq | 6.1 | |
ibm urbancode build | eq | 6.1.0.1 | |
ibm urbancode build | eq | 6.1.0.2 | |
ibm urbancode build | eq | 6.1.1 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C