9 matches found
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)
Summary Apache Commons Collections is shipped with IBM Tivoli Business Service Manager as part of its backend process to enhance Java operations. Information about a security vulnerability affecting Apache Commons Collections has been published in a security bulletin. Vulnerability Details...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]
Summary Vulnerability in Apache Commons Collections library shipped with IBM Sterling Global Mailbox has been addressed. CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID:CVE-2015-6420 DESCRIPTION: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by multiple vulnerabilities . These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 54. Vulnerability Details CVEID: CVE-2020-4527 DESCRIPTION: IBM Planning...
be.ordina:microservices-dashboard-server (=1.0.1), br.com.ingenieux:apigateway-maven-plugin (>=1.5.1 <=1.5.6) +1495 more potentially affected by CVE-2015-6420 via org.apache.commons:commons-collections4 (=4.0)
org.apache.commons:commons-collections4 MAVEN version =4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-collections4 and may be impacted: - be.ordina:microservices-dashboard-server =1.0.1 -...
CVE-2015-6420
creationtimestamp| type| source ---|---|--- 2018-09-26 17:10:06+00:00| seen| MISP/5babbc5a-a658-4b4b-8b94-2c060a021402 2023-12-11 12:08:49+00:00| seen| https://t.me/arpsyndicate/1728 2025-04-19 21:02:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ln6ztj6gwt2h 2025-08-27...
TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...
Cisco Unified Communications Manager Java Object Deserialization RCE (CSCux34835)
According to its self-reported version, the Cisco Unified Communications Manager CUCM running on the remote device is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated...
CVE-2015-6420
CVE-2015-6420 involves deserialization of untrusted data via Apache Commons Collections in various IBM/Oracle/Cisco-linked products. IBM entries show affected IBM Content Navigator (3.0.15, 3.1.0, 3.2.0) and IBM Integration Designer/Log Analysis lines; remediation requires upgrading to fixed comp...
Potential Remote Code Execution Via Java Object Deserialization
Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It's not necessary to actually use InvokerTransfomer to be vulnerable...