Arbitrary Command Execution via Serialized Java Object in VMware Products
CVE-2015-6934 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Learn more about our Cis Benchmark Audit For Apache Http Server.