348 matches found

IBM Security Bulletins
added 2018/06/16 1:37 p.m., 11 views

Security Bulletin: Multiple vulnerabilities in bundled components affects IBM SPSS Analytic Server (CVE-2015-7450).

Summary: An Apache Commons Collections vulnerability in handling Java object deserialization was addressed by IBM SPSS Analytic Server. An updated IBM WebSphere Liberty run time is shipped to address a security vulnerability in IBM SPSS Analytic Server. Vulnerability Details: CVEID: CVE-2015-7450...

CVSS 10, AI score 7.7, EPSS 0.97655
Exploits 10, Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:37 p.m., 22 views

Security Bulletin: Vulnerability in Apache Commons affects IBM InfoSphere Information Server (CVE-2015-7450)

Summary: An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM InfoSphere Information Server. Information about this security vulnerability has been published in a WebSphere Application Server security bulletin. Vulnerability Details: CVEID:...

CVSS 10, AI score 0.7, EPSS 0.97655
Exploits 10, Affected Software 1

IBM Security Bulletins
added 2018/06/15 10:41 p.m., 21 views

Security Bulletin: Vulnerability in Apache Commons affects IBM Cognos Controller (CVE-2015-7450)

Summary: An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Cognos Controller. Vulnerability Details: CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by...

CVSS 10, AI score 7.8, EPSS 0.97655
Exploits 10, Affected Software 1

IBM Security Bulletins
added 2018/06/15 10:41 p.m., 18 views

Security Bulletin: Vulnerability in Apache Commons affects IBM Algo Credit Administrator (CVE-2015-7450)

Summary: An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Algo Credit Administrator. Vulnerability Details: CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system,...

CVSS 10, AI score 2.2, EPSS 0.97655
Exploits 10, Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:4 a.m., 14 views

Security Bulletin: Vulnerability in Apache Commons might affect WebSphere Industry Content Packs and IBM Business Process Manager Industry Packs (CVE-2015-7450)

Summary: A vulnerability for handling Java object deserialization in the Apache Commons Collections open source library has been reported. A vulnerable version of the library is included in templates shipped with WebSphere Industry Content Packs and IBM Business Process Manager Industry Packs...

CVSS 10, AI score 2.3, EPSS 0.97655
Exploits 10, Affected Software 2

IBM Security Bulletins
added 2018/06/15 7:4 a.m., 20 views

Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Appliance Management Center (CVE-2015-7450)

Summary: An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM WebSphere Appliance Management Center. Vulnerability Details: CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on th...

CVSS 10, AI score 2.2, EPSS 0.97655
Exploits 10, Affected Software 1

RedHat Linux
added 2018/06/04 10:49 a.m., 110 views

Important: Red Hat Security Advisory: rh-java-common-xmlrpc security update

An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 7.3, EPSS 0.15272
Exploits 1, References 2

Tenable Nessus
added 2018/06/01 12:0 a.m., 46 views

RHEL 7 : xmlrpc (RHSA-2018:1780)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1780 advisory. - xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003) Note that Nessus has not tested for this issue but has instead relied on...

CVSS 9.8, AI score 8, EPSS 0.15272
Exploits 1, References 4

Tenable Nessus
added 2018/06/01 12:0 a.m., 31 views

Scientific Linux Security Update : xmlrpc3 on SL6.x (noarch) (20180531)

Security Fixes: - xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)...

CVSS 9.8, AI score 8, EPSS 0.15272
Exploits 1, References 2

Tenable Nessus
added 2018/06/01 12:0 a.m., 31 views

RHEL 6 : xmlrpc3 (RHSA-2018:1779)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1779 advisory. Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Security Fixes:...

CVSS 9.8, AI score 8.1, EPSS 0.15272
Exploits 1, References 4

RedHat Linux
added 2018/05/31 9:11 p.m., 132 views

Important: Red Hat Security Advisory: xmlrpc security update

An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8, AI score 7.3, EPSS 0.15272
Exploits 1, References 2

seebug.org
added 2018/04/25 12:0 a.m., 207 views

Vigor ACS Unsafe Flex AMF Java Object Deserialization (CVE-2017-5641)

Vulnerability Summary: A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of...

CVSS 7.5, AI score 10, EPSS 0.21274
Exploits 4

BDU FSTEC
added 2018/04/19 12:0 a.m., 4 views

The vulnerability of the Cisco Secure Access Control System’s access control software lies in the ability to restore a questionable data structure in memory, allowing an intruder to execute arbitrary commands with root privileges.

The vulnerability of the Cisco Secure Access Control System ACS management software exists due to insufficient validation of input data and the inability to restore a reliable data structure in memory. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary...

CVSS 10, AI score 7.6, EPSS 0.18554
Exploits 0, References 5

Hacker One
added 2018/03/24 3:6 a.m., 100 views

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

SUMMARY: ==================== This report describes a vulnerability similar to that described in my other reports 329376, 329397, 329399 The DoD https://████/psc/EXPROD/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution RCE and Denial of Service Attacks D...

CVSS 7.5, AI score 0.4, EPSS 0.43492
Exploits 4

Hacker One
added 2018/03/24 2:59 a.m., 37 views

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

SUMMARY: ==================== The DoD https://███/psc/EXPROD/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution RCE and Denial of Service Attacks DoS over a Java Object Deserialization CWE-502 in the “monitor” service. Thus an attacker can generate and se...

CVSS 7.5, AI score 0.4, EPSS 0.43492
Exploits 4

Hacker One
added 2018/03/23 10:15 p.m., 41 views

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

SUMMARY: ==================== The DoD https://██████/psc/EXPROD1/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution RCE and Denial of Service Attacks DoS over a Java Object Deserialization CWE-502 in the “monitor” service. Thus an attacker can generate an...

CVSS 7.5, AI score 0.4, EPSS 0.43492
Exploits 4

Cvelist
added 2018/03/08 7:0 a.m., 38 views

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

AI score 9.8, EPSS 0.18554
Exploits 0, References 3

exploitpack
added 2018/02/07 12:0 a.m., 60 views

Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution

Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe...

CVSS 7.5, AI score 0.2, EPSS 0.90597
Exploits 6

BDU FSTEC
added 2018/02/02 12:0 a.m., 2 views

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) arises from the possibility of retrieving data from external sources without sufficient verification. This allows attackers to execute arbitrary code.

The vulnerability of the Apache XML-RPC library exists due to the retrieval of data from an external source without sufficient verification. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted serializable Java object, with the use of the...

CVSS 9.8, AI score 8.2, EPSS 0.15272
Exploits 1, References 9, Affected Software 1

Prion
added 2017/11/15 3:29 p.m., 25 views

Design/Logic Flaw

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws...

CVSS 7.5, AI score 9.3, EPSS 0.07133
Exploits 3, References 6, Affected Software 1