CVE-2015-6934Improper Input Validation in Vmware Vcenter Orchestrator

CWE-20Improper Input Validation3 documents3 sources
Severity
7.3HIGHNVD
EPSS
1.8%
top 17.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Vcenter OrchestratorVmware Vrealize Orchestrator
Timeline
PublishedDec 21
Latest updateMay 17

Description

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

NVDvmware/vcenter_orchestrator4 versions+3
NVDvmware/vrealize_orchestrator6.0.1, 6.0.2, 6.0.3+2

🔴Vulnerability Details

2
GHSA
GHSA-24pf-jwjh-vhjw: Serialized-object interfaces in VMware vRealize Orchestrator 62022-05-17
CVEList
CVE-2015-6934: Serialized-object interfaces in VMware vRealize Orchestrator 62015-12-21
CVE-2015-6934 — Improper Input Validation in Vmware | cvebase