Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0.
HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch refs/heads/master
Description
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0.
HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch refs/heads/master
Vulnerability ID: CVE-2015-6420
Package Name: commons-collections:commons-collections
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2015-12-15T05:59:00
Current Package Version: 3.2.1
Remediation Upgrade Recommendation: 3.2.2
Link To SCA
Reference – NVD link