Vulnerability Description
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | vCenter Orchestrator | 5.5 |
| VMware | vRealize Orchestrator | 6.0.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/79648
- http://www.vmware.com/security/advisories/VMSA-2015-0009.html (Vendor Advisory)
FAQ
What is CVE-2015-6934?
CVE-2015-6934 is a vulnerability with a CVSS score of 7.3 (HIGH). Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow ...
How severe is CVE-2015-6934?
CVE-2015-6934 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-6934?
Check the references section above for vendor advisories and patch information. Affected products include: VMware vCenter Orchestrator, VMware vRealize Orchestrator.