PT-2015-7412 · VMware+1 · vCenter Orchestrator+5

Published: 2015-12-21 · Updated: 2016-11-28 · CVE-2015-6934

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

VMware vRealize Orchestrator versions 6.x
vCenter Orchestrator versions 5.x
vRealize Operations versions 6.x
vCenter Operations versions 5.x
vCenter Application Discovery Manager (vADM) versions 7.x

Description

The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. This is due to a problem with serialized-object interfaces in the affected products.

Recommendations

For VMware vRealize Orchestrator versions 6.x, update to a version that includes a fix for the Apache Commons Collections library issue.
For vCenter Orchestrator versions 5.x, update to a version that includes a fix for the Apache Commons Collections library issue.
For vRealize Operations versions 6.x, update to a version that includes a fix for the Apache Commons Collections library issue.
For vCenter Operations versions 5.x, update to a version that includes a fix for the Apache Commons Collections library issue.
For vCenter Application Discovery Manager (vADM) versions 7.x, update to a version that includes a fix for the Apache Commons Collections library issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2015-6934

Affected Products

Apache Commons Collections
VMware vRealize Orchestrator
vCenter Application Discovery Manager
vCenter Operations
vCenter Orchestrator
vRealize Operations