CVE-2015-6420 @ Maven-commons-collections:commons-collections-3.2.1

[SamHeadrickCx]

Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2015-6420
Checkmarx Project: SamHeadrickCx/easybuggy4sb
Repository URL: https://github.com/SamHeadrickCx/easybuggy4sb
Branch: master
Scan ID: 94cbf8fd-fbe8-49c7-9c55-da0658f9cbfc

---

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0.

---

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: PARTIAL
Availability impact: PARTIAL
Remediation Upgrade Recommendation: 3.2.2