CVE-2015-6934: Input Validation
First published: Mon Dec 21 2015(Updated: )
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vCenter Orchestrator | =5.5 | |
| VMware vCenter Orchestrator | =5.5.1 | |
| VMware vCenter Orchestrator | =5.5.2 | |
| VMware vCenter Orchestrator | =5.5.2.1 | |
| VMware vRealize Orchestrator | =6.0.1 | |
| VMware vRealize Orchestrator | =6.0.2 | |
| VMware vRealize Orchestrator | =6.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware vcenter orchestrator
- version/vmware vcenter orchestrator/5.5
- version/vmware vcenter orchestrator/5.5.1
- version/vmware vcenter orchestrator/5.5.2
- version/vmware vcenter orchestrator/5.5.2.1
- canonical/vmware vrealize orchestrator
- version/vmware vrealize orchestrator/6.0.1
- version/vmware vrealize orchestrator/6.0.2
- version/vmware vrealize orchestrator/6.0.3