Arbitrary Command Execution via Serialized Java Object in VMware Products

Arbitrary Command Execution via Serialized Java Object in VMware Products

CVE-2015-6934 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Learn more about our Cis Benchmark Audit For Apache Http Server.