Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-6HGM-866R-3CJV
HistoryJun 15, 2020 - 8:36 p.m.

Insecure Deserialization in Apache Commons Collection

2020-06-1520:36:20
CWE-502
GitHub Advisory Database
github.com
192

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

82.6%

JSON

Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.

Affected configurations

Vulners
Node
org.apache.servicemix.bundlesorg.apache.servicemix.bundles.commons-collectionsRange3.2.1
OR
org.apache.servicemix.bundlesorg.apache.servicemix.bundles.collections-genericRange4.01
OR
net.sourceforge.collectionscollections-genericRange4.0.1
OR
commons-collectionscommons-collectionsRange<3.2.2
OR
org.apache.commonscommons-collections4Range<4.1
VendorProductVersionCPE
org.apache.servicemix.bundlesorg.apache.servicemix.bundles.commons-collections*cpe:2.3:a:org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections:*:*:*:*:*:*:*:*
org.apache.servicemix.bundlesorg.apache.servicemix.bundles.collections-generic*cpe:2.3:a:org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic:*:*:*:*:*:*:*:*
net.sourceforge.collectionscollections-generic*cpe:2.3:a:net.sourceforge.collections:collections-generic:*:*:*:*:*:*:*:*
commons-collectionscommons-collections*cpe:2.3:a:commons-collections:commons-collections:*:*:*:*:*:*:*:*
org.apache.commonscommons-collections4*cpe:2.3:a:org.apache.commons:commons-collections4:*:*:*:*:*:*:*:*

Related

nessus 3
osv 1
openvas 1
veracode 3
prion 1
cvelist 1
cisco 1
nvd 1
thn 1
cve 1
mskb 1
cert 2
ibm 12
impervablog 1
oracle 1
nessus
nessus
Cisco Unified Communications Manager Java Object Deserialization RCE (CSCux34835)
2016-10-10 00:00:00
Cisco Security Manager Java Object Deserialization RCE (CSCux34671)
2017-05-02 00:00:00
Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647)
2017-05-02 00:00:00
osv
osv
Insecure Deserialization in Apache Commons Collection
2020-06-15 20:36:20
openvas
openvas
Cisco Webex Meetings Server Java Deserialization Vulnerability
2016-09-22 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-03-21 08:10:25
Arbitrary Code Execution
2019-07-08 10:38:22
Potential Remote Code Execution Via Java Object Deserialization
2015-11-09 19:34:22
prion
prion
Code injection
2015-12-15 05:59:00
cvelist
cvelist
CVE-2015-6420
2015-12-15 02:00:00
cisco
cisco
Vulnerability in Java Deserialization Affecting Cisco Products
2015-12-09 16:00:00
nvd
nvd
CVE-2015-6420
2015-12-15 05:59:07
thn
thn
Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’
2017-03-02 00:48:00
cve
cve
CVE-2015-6420
2015-12-15 05:59:07
mskb
mskb
KB5003279 - SQL Server 2016 Service Pack 3 release information
1970-01-01 00:00:00
cert
cert
TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks
2018-09-26 00:00:00
Apache Commons Collections Java library insecurely deserializes data
2015-11-13 00:00:00
ibm
ibm
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]
2023-07-21 12:22:34
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
2020-07-17 16:51:47
Security Bulletin: IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities (CVE-2015-4852, CVE-2015-6420, CVE-2017-15708)
2020-10-20 11:33:26
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
oracle
oracle
CPU July 2018
2018-07-17 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

82.6%

JSON
Related for GHSA-6HGM-866R-3CJV
nessus3osv1openvas1veracode3prion1cvelist1cisco1nvd1thn1cve1mskb1cert2ibm12impervablog1oracle1