Lucene search
K

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 6:56 p.m.13 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)

Summary Apache Commons Collections is shipped with IBM Tivoli Business Service Manager as part of its backend process to enhance Java operations. Information about a security vulnerability affecting Apache Commons Collections has been published in a security bulletin. Vulnerability Details...

9.8CVSS8.1AI score0.18763EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/21 12:22 p.m.95 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]

Summary Vulnerability in Apache Commons Collections library shipped with IBM Sterling Global Mailbox has been addressed. CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID:CVE-2015-6420 DESCRIPTION: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint...

9.8CVSS8.3AI score0.18763EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 4:51 p.m.38 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by multiple vulnerabilities . These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 54. Vulnerability Details CVEID: CVE-2020-4527 DESCRIPTION: IBM Planning...

7.5CVSS1.3AI score0.18763EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2020/06/15 8:36 p.m.4 views

be.ordina:microservices-dashboard-server (=1.0.1), br.com.ingenieux:apigateway-maven-plugin (>=1.5.1 <=1.5.6) +1495 more potentially affected by CVE-2015-6420 via org.apache.commons:commons-collections4 (=4.0)

org.apache.commons:commons-collections4 MAVEN version =4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-collections4 and may be impacted: - be.ordina:microservices-dashboard-server =1.0.1 -...

9.8CVSS7AI score0.18763EPSS
Exploits1
Circl
Circl
added 2018/09/26 5:10 p.m.10 views

CVE-2015-6420

creationtimestamp| type| source ---|---|--- 2018-09-26 17:10:06+00:00| seen| MISP/5babbc5a-a658-4b4b-8b94-2c060a021402 2023-12-11 12:08:49+00:00| seen| https://t.me/arpsyndicate/1728 2025-04-19 21:02:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ln6ztj6gwt2h 2025-08-27...

9.8CVSS7.6AI score0.18763EPSS
Exploits1References4
CERT
CERT
added 2018/09/26 12:0 a.m.670 views

TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...

10CVSS8.2AI score0.18763EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2016/10/10 12:0 a.m.373 views

Cisco Unified Communications Manager Java Object Deserialization RCE (CSCux34835)

According to its self-reported version, the Cisco Unified Communications Manager CUCM running on the remote device is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated...

9.8CVSS8.9AI score0.18763EPSS
Exploits1References4
CVE
CVE
added 2015/12/15 2:0 a.m.286 views

CVE-2015-6420

CVE-2015-6420 involves deserialization of untrusted data via Apache Commons Collections in various IBM/Oracle/Cisco-linked products. IBM entries show affected IBM Content Navigator (3.0.15, 3.1.0, 3.2.0) and IBM Integration Designer/Log Analysis lines; remediation requires upgrading to fixed comp...

9.8CVSS7.8AI score0.18763EPSS
Exploits1References12Affected Software1
Veracode
Veracode
added 2015/11/09 7:34 p.m.90 views

Potential Remote Code Execution Via Java Object Deserialization

Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It's not necessary to actually use InvokerTransfomer to be vulnerable...

10CVSS9.7AI score0.97655EPSS
Exploits34References24Affected Software6
Rows per page
Query Builder