CVE-2015-7501

Description

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 71.461

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0 | Windows
Vulnerabilities CVE-2015-7501, CVE-2015-6420 are fixed in Apache-commons-collections 3.2.2 | Windows
Vulnerabilities CVE-2015-7501, CVE-2015-6420 are fixed in Apache-commons-collections4 4.1 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.0 | Windows
Vulnerabilities CVE-2015-7501 are affected in Oracle Communications Order and Service Management 7.2.4 | Windows
Vulnerabilities CVE-2015-7501, CVE-2018-2567 are affected in Oracle Communications Order and Service Management 7.3.0 | Windows
Vulnerabilities CVE-2015-7501 are affected in Oracle Communications Order and Service Management 7.3.1 | Windows
Vulnerabilities CVE-2015-7501 are affected in Oracle Communications Order and Service Management 7.3.5 | Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.2 | Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.3 | Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 | Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 | Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 | Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.0.0 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0 | Windows
Vulnerabilities CVE-2015-7501 are affected in Red Hat Data Grid 8 6.0.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1 | Windows
Vulnerabilities CVE-2015-7501 are affected in Sourceforge - collections-generic 4.01 | Windows
Vulnerabilities CVE-2015-7501 are affected in Apache - org.apache.servicemix.bundles.collections-generic 4.1 | Windows
Vulnerabilities CVE-2015-7501 are affected in Apache - org.apache.servicemix.bundles.commons-collections 3.2.1 | Windows
Jakarta-commons-collections security update (CESA-2015:2521) jakarta-commons-collections-3.2.1-3.5.el6_7.noarch.rpm | Linux
Jakarta-commons-collections security update (CESA-2015:2521) jakarta-commons-collections-javadoc-3.2.1-3.5.el6_7.noarch.rpm | Linux
Jakarta-commons-collections security update (CESA-2015:2521) jakarta-commons-collections-tomcat5-3.2.1-3.5.el6_7.noarch.rpm | Linux
Jakarta-commons-collections security update (CESA-2015:2521) jakarta-commons-collections-testframework-3.2.1-3.5.el6_7.noarch.rpm | Linux
Jakarta-commons-collections security update (CESA-2015:2521) jakarta-commons-collections-testframework-javadoc-3.2.1-3.5.el6_7.noarch.rpm | Linux
(RHSA-2015:2521) Important: jakarta-commons-collections security update jakarta-commons-collections-3.2.1-3.5.el6_7.noarch.rpm | Linux
(RHSA-2015:2521) Important: jakarta-commons-collections security update jakarta-commons-collections-javadoc-3.2.1-3.5.el6_7.noarch.rpm | Linux
(RHSA-2015:2521) Important: jakarta-commons-collections security update jakarta-commons-collections-testframework-3.2.1-3.5.el6_7.noarch.rpm | Linux
(RHSA-2015:2521) Important: jakarta-commons-collections security update jakarta-commons-collections-testframework-javadoc-3.2.1-3.5.el6_7.noarch.rpm | Linux
(RHSA-2015:2521) Important: jakarta-commons-collections security update jakarta-commons-collections-tomcat5-3.2.1-3.5.el6_7.noarch.rpm | Linux
Apache-commons-collections update (ELSA-2015-2522) apache-commons-collections-3.2.1-22.el7_2.noarch.rpm | Linux
Apache-commons-collections-javadoc update (ELSA-2015-2522) apache-commons-collections-javadoc-3.2.1-22.el7_2.noarch.rpm | Linux
Apache-commons-collections-testframework update (ELSA-2015-2522) apache-commons-collections-testframework-3.2.1-22.el7_2.noarch.rpm | Linux
Apache-commons-collections-testframework-javadoc update (ELSA-2015-2522) apache-commons-collections-testframework-javadoc-3.2.1-22.el7_2.noarch.rpm | Linux
(RHSA-2015:2522) Important: security update apache-commons-collections-3.2.1-22.el7_2.noarch.rpm | Linux
(RHSA-2015:2522) Important: security update apache-commons-collections-javadoc-3.2.1-22.el7_2.noarch.rpm | Linux
(RHSA-2015:2522) Important: security update apache-commons-collections-testframework-3.2.1-22.el7_2.noarch.rpm | Linux
(RHSA-2015:2522) Important: security update apache-commons-collections-testframework-javadoc-3.2.1-22.el7_2.noarch.rpm | Linux
Vulnerabilities CVE-2015-7501, CVE-2015-6420 are fixed in Apache-commons-collections for Linux 3.2.2 | Linux
Vulnerabilities CVE-2015-7501, CVE-2015-6420 are fixed in Apache-commons-collections4 for Linux 4.1 | Linux
Vulnerabilities CVE-2015-7501 are affected in Sourceforge - collections-generic for Linux 4.01 | Linux
Vulnerabilities CVE-2015-7501 are affected in Apache - org.apache.servicemix.bundles.collections-generic for Linux 4.1 | Linux
Vulnerabilities CVE-2015-7501 are affected in Apache - org.apache.servicemix.bundles.commons-collections for Linux 3.2.1 | Linux
Deserialization of Untrusted Data Vulnerability (CVE-2015-7501) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234