Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commons collections vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-6420
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Se...
Apache Commons Collections
Apache Commons Collections 4.0
5 Github repositories
9.8
CVSSv3
CVE-2017-15708
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted...
Apache Synapse 3.0.0
Apache Synapse 2.1.0
Apache Synapse 2.0.0
Apache Synapse 1.2
Apache Synapse 1.1.2
Apache Synapse 1.1.1
Apache Synapse 1.0
Apache Synapse 1.1
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Financial Services Market Risk Measurement And Management 8.0.8
2 Github repositories
8.8
CVSSv3
CVE-2016-1487
Lexmark Markvision Enterprise prior to 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
Lexmark Markvision Enterprise
7.3
CVSSv3
CVE-2016-4385
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x prior to 10.00.02.01, and 10.1x prior to 10.11.00.01 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) and Commons B...
Hp Network Automation 9.22.02
Hp Network Automation 10.00
Hp Network Automation 9.22
Hp Network Automation 9.22.01
Hp Network Automation 10.00.01
Hp Network Automation 10.00.02
Hp Network Automation 10.10
Hp Network Automation 9.10
Hp Network Automation 9.20
Hp Network Automation 10.11
9.8
CVSSv3
CVE-2019-13116
The MuleSoft Mule Community Edition runtime engine prior to 3.8 allows remote malicious users to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
Mulesoft Mule Runtime
9.8
CVSSv3
CVE-2016-1986
HP Continuous Delivery Automation (CDA) 1.30 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Continuous Delivery Automation 1.3.0
10
CVSSv3
CVE-2016-1985
HPE Operations Manager 8.x and 9.0 on Windows allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Operations Manager 9.0
Hp Operations Manager 8.1
Hp Operations Manager 8.16
Hp Operations Manager 8.10
9.8
CVSSv3
CVE-2016-1999
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Release Control 9.21
Hp Release Control 9.20
Hp Release Control 9.13
9.8
CVSSv3
CVE-2016-2170
Apache OFBiz 12.04.x prior to 12.04.06 and 13.07.x prior to 13.07.03 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Apache Ofbiz
9.8
CVSSv3
CVE-2016-1998
HPE Service Manager (SM) 9.3x prior to 9.35 P4 and 9.4x prior to 9.41.P2 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Service Manager 9.31
Hp Service Manager 9.33
Hp Service Manager 9.41
Hp Service Manager 9.40
Hp Service Manager 9.32
Hp Service Manager 9.35
Hp Service Manager 9.30
Hp Service Manager 9.34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »