Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vrealize orchestrator 6.0.2 |
||
vmware vcenter orchestrator 5.5.2.1 |
||
vmware vcenter orchestrator 5.5.2 |
||
vmware vcenter orchestrator 5.5.1 |
||
vmware vcenter orchestrator 5.5 |
||
vmware vrealize orchestrator 6.0.1 |
||
vmware vrealize orchestrator 6.0.3 |