CRITICAL✓ PATCH🇬🇧 English

CVE-2015-7501

CVSS 9.8v3.0pub. 2017-11-09upd. 2026-05-13

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Red Hat Data Grid

    APP
    Redhat
    6.0.0
  • Red Hat Jboss A Mq

    APP
    Redhat
    6.0.0
  • Red Hat Jboss Bpm Suite

    APP
    Redhat
    6.0.0
  • Red Hat Jboss Data Virtualization

    APP
    Redhat
    5.0.06.0.0
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    4.3.05.0.06.0.0
  • Red Hat Jboss Enterprise Brms Platform

    APP
    Redhat
    5.0.06.0.0
  • Red Hat Jboss Enterprise Soa Platform

    APP
    Redhat
    5.0.0
  • Red Hat Jboss Enterprise Web Server

    APP
    Redhat
    3.0.0
  • Red Hat Jboss Fuse

    APP
    Redhat
    6.0.0
  • Red Hat Jboss Fuse Service Works

    APP
    Redhat
    6.0
  • Red Hat Jboss Operations Network

    APP
    Redhat
    3.0
  • Red Hat Jboss Portal

    APP
    Redhat
    6.0.0
  • Red Hat Openshift

    APP
    Redhat
    3.0
  • Red Hat Subscription Asset Manager

    APP
    Redhat
    1.3.0
  • Red Hat Xpaas

    APP
    Redhat
    3.0.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Deserialization
CWE
Referencje

Powiązane podatności

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...

CVE-2016-8735CRITICAL9.8⚠ KEVten sam produkt

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....

CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt

Brak walidacji nagłówka Host w serwerze Undertow HTTP

CVE-2013-4561CRITICAL9.1ten sam produkt

In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This ma...

CVE-2021-20578CRITICAL9.8ten sam produkt

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform un...