Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRed Hat Data Grid
APPRedhat6.0.0Red Hat Jboss A Mq
APPRedhat6.0.0Red Hat Jboss Bpm Suite
APPRedhat6.0.0Red Hat Jboss Data Virtualization
APPRedhat5.0.06.0.0Red Hat Jboss Enterprise Application Platform
APPRedhat4.3.05.0.06.0.0Red Hat Jboss Enterprise Brms Platform
APPRedhat5.0.06.0.0Red Hat Jboss Enterprise Soa Platform
APPRedhat5.0.0Red Hat Jboss Enterprise Web Server
APPRedhat3.0.0Red Hat Jboss Fuse
APPRedhat6.0.0Red Hat Jboss Fuse Service Works
APPRedhat6.0Red Hat Jboss Operations Network
APPRedhat3.0Red Hat Jboss Portal
APPRedhat6.0.0Red Hat Openshift
APPRedhat3.0Red Hat Subscription Asset Manager
APPRedhat1.3.0Red Hat Xpaas
APPRedhat3.0.0
Related vulnerabilities
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....
Brak walidacji nagłówka Host w serwerze Undertow HTTP
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This ma...
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform un...