CVE-2015-6934

7.3HIGH

Key Information:

Vendor: Vmware
Status: Vcenter Orchestrator; Vrealize Orchestrator
Vendor: CVE Published:; 21 December 2015

Summary

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

References

http://www.vmware.com/security/advisories/VMSA-2015-0009....

x_refsource_CONFIRM

http://www.securityfocus.com/bid/79648

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2015
Vulnerability Reserved
Sep 14, 2015