You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to "oracle_common/modules/com.bea.core.apache.commons.collections.jar". The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0. NOTE: the scope of this CVE is limited to the WebLogic Server product.
HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch refs/heads/master
Description
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to "oracle_common/modules/com.bea.core.apache.commons.collections.jar". The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0. NOTE: the scope of this CVE is limited to the WebLogic Server product.
HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch refs/heads/master
Vulnerability ID: CVE-2015-4852
Package Name: commons-collections:commons-collections
Severity: HIGH
CVSS Score: 9.8
Publish Date: 2015-11-18T15:59:00
Current Package Version: 3.2.1
Remediation Upgrade Recommendation: 3.2.2
Link To SCA
Reference – NVD link
The text was updated successfully, but these errors were encountered: