Thursday, August 3, 2017

IBM Security Bulletin: Apache Commons Collection Java Deserialization Vulnerability in Multiple N series Products

Aug 3, 2017 10:00 am EDT

Categorized: High Severity

Share this post:

Multiple N series products incorporate the Apache Commons Collection library. Versions of Apache Commons Collection before 3.2.2 and including 4.0 are susceptible to a vulnerability that could be exploited to allow remote attackers to execute arbitrary commands on the system. Multiple N series products has addressed the applicable CVEs.

CVE(s): CVE-2015-7450

Affected product(s) and affected version(s):

N series Snap Creator Framework: 3.6.0, 4.1.0, 4.1.2, 4.3;
SnapManager for Oracle: 3.2, 3.3, 3.3.1, 3.4;
SnapManager for SAP: 3.2, 3.3, 3.3.1;
Virtual Storage Console for VMware vSphere: 6.0, 6.1, 6.2;

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2vsJLDa
X-Force Database: http://ift.tt/1O48BYg



from IBM Product Security Incident Response Team http://ift.tt/2vt3PF8
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)