Arbitrary Code Execution

🗓️ 08 Jul 2019 10:38:22Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 70 Views

Vulnerability to arbitrary code execution via serialized Java object

Reporter	Title	Published	Views	Family All 45
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	8 Jun 202321:56	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections	18 Oct 202401:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]	21 Jul 202312:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities (CVE-2015-4852, CVE-2015-6420, CVE-2017-15708)	20 Oct 202011:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)	14 Jan 202618:56	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Commons Collections, Apache Synapse, Oracle WebLogic Server, MuleSoft and Red Hat JBoss might affect IBM Storage Copy Data Management.	24 Jan 202519:11	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Apache Commons, IBM Operations Analytics - Log Analysis is affected by Improper Handling of Untrusted Input During Deserialization	9 Oct 202506:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2022-48195, CVE-2022-29577, CVE-2022-28367)	17 Oct 202400:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities	17 Jul 202016:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities	19 Aug 201920:44	–	ibm

Vulners

Node

commons-collections commons-collectionsRange3.0–3.2.1java

OR

apache commons-collections4Match4.0java

Source	Link
issues	www.issues.apache.org/jira/browse/COLLECTIONS-580
github	www.github.com/apache/commons-collections/commit/e585cd0433ae4cfbc56e58572b9869bd0c86b611
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
securityfocus	www.securityfocus.com/bid/78872
foxglovesecurity	www.foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
h20566	www.h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay
h20566	www.h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay
news	www.news.apache.org/foundation/entry/apache_commons_statement_to_widespread
kb	www.kb.cert.org/vuls/id/576313

25 Mar 2025 19:03Current

7.2High risk

Vulners AI Score7.2

CVSS 27.5

EPSS0.212

arbitrary code execution commons-collections remote attacker serialized java object security vulnerability software