Description
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:vmware:vcenter_orchestrator:5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_orchestrator:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_orchestrator:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_orchestrator:5.5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_orchestrator:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_orchestrator:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_orchestrator:6.0.3:*:*:*:*:*:*:*
EPSS: 0.02063 (Low)
Percentile: 83%
CVSS3: 7.3 High
CVSS2: 7.5 High
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 7.3
github
about 3 years ago
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.