CVE-2015-7450
critical-risk
Published 2016-01-02
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
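The bug class behind this CVE is untrusted Java deserialization: the application hands attacker-controlled bytes to ObjectInputStream, and the Commons Collections InvokerTransformer functor, once reconstructed, reflectively invokes an arbitrary method. A network-side check that is independent of the vendor patches is to inspect inbound payloads for a Java serialization stream and flag any class descriptor naming the gadget functors. The scanner below is an added example written for this page, not code from IBM, Apache or NVD. It walks the stream looking only for TC_CLASSDESC records (it does not implement the full serialization grammar), handles raw and base64-encoded streams, and uses a denylist and two constructed sample streams that are assumptions for illustration; the samples are header-plus-descriptor fragments, not valid payloads, and cannot be deserialized.

```python
import base64
import binascii
import re
import struct

# Every java.io.ObjectOutputStream stream starts with STREAM_MAGIC (0xACED) and
# STREAM_VERSION (5); a base64-encoded copy therefore always starts with "rO0AB".
STREAM_MAGIC = b"\xac\xed\x00\x05"
TC_OBJECT = 0x73      # start of a serialized object
TC_CLASSDESC = 0x72   # class descriptor: <utf class name><serialVersionUID><flags><fields>

# Commons Collections functors used by the known gadget chains. CVE-2015-7450 is
# the InvokerTransformer case; the others ride along in the same chains. Prefix
# matching covers both the 3.x and the 4.x package names. (Assumed denylist.)
GADGET_CLASS_PREFIXES = (
    "org.apache.commons.collections.functors.InvokerTransformer",
    "org.apache.commons.collections.functors.InstantiateTransformer",
    "org.apache.commons.collections.functors.ChainedTransformer",
    "org.apache.commons.collections4.functors.InvokerTransformer",
    "org.apache.commons.collections4.functors.InstantiateTransformer",
    "org.apache.commons.collections4.functors.ChainedTransformer",
)

# A fully-qualified Java class name in ASCII; array descriptors such as
# "[Ljava.lang.Object;" are deliberately not matched (they are never gadgets).
CLASS_NAME_RE = re.compile(rb"^[A-Za-z_$][A-Za-z0-9_$.]*$")


def unwrap_stream(data: bytes):
    """Return the raw serialization stream inside `data`, or None.

    Accepts a raw stream or a base64-encoded one (common in HTTP bodies and
    cookies); anything else is not something ObjectInputStream would read.
    """
    if data.startswith(STREAM_MAGIC):
        return data
    try:
        decoded = base64.b64decode(data.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    return decoded if decoded.startswith(STREAM_MAGIC) else None


def extract_class_names(stream: bytes) -> list:
    """Class names from every TC_CLASSDESC record: 0x72, 2-byte big-endian
    length, then the name. Matched names are skipped over so the letters
    inside them (0x72 is 'r') are not re-scanned as new records."""
    names = []
    i = len(STREAM_MAGIC)
    while i + 3 <= len(stream):
        if stream[i] == TC_CLASSDESC:
            (length,) = struct.unpack(">H", stream[i + 1:i + 3])
            candidate = stream[i + 3:i + 3 + length]
            if 0 < length == len(candidate) and CLASS_NAME_RE.match(candidate):
                names.append(candidate.decode("ascii"))
                i += 3 + length
                continue
        i += 1
    return names


def find_gadget_classes(data: bytes, denylist=GADGET_CLASS_PREFIXES) -> list:
    """Gadget class names the JVM would be asked to load from `data`; empty
    for benign streams and for anything that is not a serialization stream."""
    stream = unwrap_stream(data)
    if stream is None:
        return []
    prefixes = tuple(denylist)
    return [name for name in extract_class_names(stream) if name.startswith(prefixes)]


def _class_desc(name: str) -> bytes:
    """Constructed test data: a TC_CLASSDESC with the UTF class name, followed by
    zero filler where a real descriptor carries serialVersionUID (8 bytes),
    flags (1) and field count (2). Not a valid or complete object."""
    encoded = name.encode("ascii")
    return (bytes([TC_CLASSDESC]) + struct.pack(">H", len(encoded)) + encoded
            + b"\x00" * 8 + b"\x02" + b"\x00\x00")


# Constructed samples (assumptions for this example): a benign outer object
# followed by the gadget functor, and a benign stream on its own.
SUSPICIOUS_SAMPLE = (STREAM_MAGIC + bytes([TC_OBJECT])
                     + _class_desc("java.util.HashMap")
                     + _class_desc("org.apache.commons.collections.functors.InvokerTransformer"))
SUSPICIOUS_SAMPLE_B64 = base64.b64encode(SUSPICIOUS_SAMPLE)
BENIGN_SAMPLE = STREAM_MAGIC + bytes([TC_OBJECT]) + _class_desc("java.util.HashMap")

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_SAMPLE),
                        ("suspicious/base64", SUSPICIOUS_SAMPLE_B64),
                        ("benign", BENIGN_SAMPLE)):
        print(label, find_gadget_classes(blob))
```

This is a detective control for a proxy, IDS rule or log triage, not a fix: a stream can name the same classes through back-references and case-variant tricks the heuristic does not model, so the real mitigation remains the vendor patches plus a JVM-side deserialization filter (the JEP 290 ObjectInputFilter / jdk.serialFilter mechanism) that rejects these classes before they are instantiated.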
Do I need to act?
EPSS: 93.3% chance of exploitation in the next 30 days (EPSS score higher than 7% of all CVEs)
CISA KEV: actively exploited in the wild; on the Known Exploited Vulnerabilities catalog, so federal agencies must patch
Public exploits: 1 available
Patch status: unknown; check the vendor advisories below for fix availability and mitigation guidance
CVSS 9.8/10 (Critical); attack vector: Network; attack complexity: Low
Affected Products (20)
References (19)
Vendor Advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21970575
Vendor Advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21971342
Vendor Advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21971376
Vendor Advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21971758
Vendor Advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21972799
Broken Link: http://www.securityfocus.com/bid/77653
Broken Link: http://www.securitytracker.com/id/1035125
Risk score: 86/100 (critical-risk)
Severity: 32/34 · Critical
Exploitability: 34/34 · Critical
Exposure: 20/34 · Moderate