Apache Commons Collections and Apache Groovy vulnerabilities for handling Java object deserialization were addressed by IBM UrbanCode Build
CVE-ID: CVE-2015-7450 **Description:**Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. **CVSS Base Score: **9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107918> for the current score *CVSS Environmental Score:**Undefined **CVSS Vector: **(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-ID: CVE-2015-3253 **Description:**Apache Groovy could allow a remote attacker to execute arbitrary code on the system, caused by the failure to isolate serialization code when using standard Java serialization mechanim to communicate between servers. An attacker could exploit this vulnerability to deserialize objects and execute arbitrary code on the system or cause a denial of service. **CVSS Base Score: **7.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104819> for the current score *CVSS Environmental Score:**Undefined **CVSS Vector: **(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/C:L/I:L/A:L)
IBM UrbanCode Build 6.1.0, 6.1.0.1, 6.1.0.2, and 6.1.1 on all supported platforms.
Upgrade to IBM UrbanCode Build 6.1.1.1.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm urbancode build | eq | 6.1 | |
ibm urbancode build | eq | 6.1.0.1 | |
ibm urbancode build | eq | 6.1.0.2 | |
ibm urbancode build | eq | 6.1.1 |