CVE-2015-6934
published 2015-12-21CVE-2015-6934: Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter…
high7.3CVSS 3.0
AVNACLPRNUINSUCLILAL
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vcenter_orchestrator | — | — |
| vmware | vcenter_orchestrator | — | — |
| vmware | vcenter_orchestrator | — | — |
| vmware | vcenter_orchestrator | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vrealize_orchestrator | — | — |
| vmware | vrealize_orchestrator | — | — |
| vmware | vrealize_orchestrator | — | — |