Attacker Value
Unknown
CVE-2015-7450
CVE-2015-7450
(Last updated July 25, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Metasploit Module
Description
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
Products
- sterling b2b integrator 5.2,
- sterling integrator 5.1,
- tivoli common reporting 2.1,
- tivoli common reporting 2.1.1,
- tivoli common reporting 2.1.1.2,
- tivoli common reporting 3.1,
- tivoli common reporting 3.1.0.1,
- tivoli common reporting 3.1.0.2,
- tivoli common reporting 3.1.2,
- tivoli common reporting 3.1.2.1,
- watson content analytics,
- watson explorer analytical components,
- watson explorer analytical components 11.0,
- watson explorer annotation administration console,
- watson explorer annotation administration console 11.0,
- websphere application server 7.0.0.0,
- websphere application server 8.0.0.0,
- websphere application server 8.5,
- websphere application server 8.5.0.0,
- websphere application server 8.5.5.5
Metasploit Modules
References
Advisory
