CVE-2015-7450
Published 2016-01-02
Critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability, due 2022-07-10
Exploited in the wild
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | sterling_b2b_integrator | — | — |
| ibm | sterling_integrator | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | tivoli_common_reporting | — | — |
| ibm | watson_content_analytics | 3.0 – 3.0.0.6 | — |
| ibm | watson_content_analytics | 3.5 – 3.5.0.3 | — |
| ibm | watson_explorer_analytical_components | — | — |
| ibm | watson_explorer_analytical_components | 10.0 – 10.0.0.2 | — |
| ibm | watson_explorer_annotation_administration_console | — | — |
| ibm | watson_explorer_annotation_administration_console | 10.0 – 10.0.0.2 | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
CVSS provenance
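| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |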