Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.commons:commons-collections4 (Maven) | 0 | 4.1 | N/A |
| commons-collections:commons-collections (Maven) | 0 | 3.2.2 | N/A |
| net.sourceforge.collections:collections-generic (Maven) | 0 | N/A | N/A |
| org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic (Maven) | 0 | N/A | N/A |
| org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections (Maven) | 0 | N/A | N/A |

CVSS Metrics