Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Published

2017-11-09T17:29:00.203

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	data_grid	6.0.0	Yes
Application	redhat	jboss_a-mq	6.0.0	Yes
Application	redhat	jboss_bpm_suite	6.0.0	Yes
Application	redhat	jboss_data_virtualization	5.0.0	Yes
Application	redhat	jboss_data_virtualization	6.0.0	Yes
Application	redhat	jboss_enterprise_application_platform	4.3.0	Yes
Application	redhat	jboss_enterprise_application_platform	5.0.0	Yes
Application	redhat	jboss_enterprise_application_platform	6.0.0	Yes
Application	redhat	jboss_enterprise_brms_platform	5.0.0	Yes
Application	redhat	jboss_enterprise_brms_platform	6.0.0	Yes
Application	redhat	jboss_enterprise_soa_platform	5.0.0	Yes
Application	redhat	jboss_enterprise_web_server	3.0.0	Yes
Application	redhat	jboss_fuse	6.0.0	Yes
Application	redhat	jboss_fuse_service_works	6.0	Yes
Application	redhat	jboss_operations_network	3.0	Yes
Application	redhat	jboss_portal	6.0.0	Yes
Application	redhat	openshift	3.0	Yes
Application	redhat	subscription_asset_manager	1.3.0	Yes
Application	redhat	xpaas	3.0.0	Yes

References

http://rhn.redhat.com/errata/RHSA-2015-2500.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2501.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2502.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2514.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2516.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2517.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2521.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2522.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2524.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2670.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2671.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-0040.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-1773.html ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html ([email protected])
http://www.securityfocus.com/bid/78215 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1034097 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037052 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037053 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037640 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/security/vulnerabilities/2059393 Vendor Advisory ([email protected])
https://access.redhat.com/solutions/2045023 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1279330 Issue Tracking, Third Party Advisory, VDB Entry, Vendor Advisory ([email protected])
https://rhn.redhat.com/errata/RHSA-2015-2536.html ([email protected])
https://security.netapp.com/advisory/ntap-20240216-0010/ ([email protected])
https://www.oracle.com/security-alerts/cpujul2020.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-2500.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2501.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2502.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2514.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2516.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2517.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2521.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2522.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2524.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2670.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-2671.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0040.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-1773.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/78215 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034097 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037052 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037053 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037640 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/vulnerabilities/2059393 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/solutions/2045023 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1279330 Issue Tracking, Third Party Advisory, VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2015-2536.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240216-0010/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html (af854a3a-2127-422b-91ae-364da2661108)