← Back

CVE-2015-7450

nvd nistnuclei
Published: Jan 2, 2016Modified: Apr 21, 2026CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.

Affected (21)

Ibm
7 products
Sterling B2b Integrator
Sterling Integrator
Tivoli Common Reporting
Watson Content Analytics
Watson Explorer Analytical Components
Watson Explorer Annotation Administration Console
Websphere Application Server
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Sterling B2b Integrator
Version 5.2
Sterling Integrator
Version 5.1
Ibm
Tivoli Common Reporting
Version 2.1.1.2
Tivoli Common Reporting
Version 2.1.1
Tivoli Common Reporting
Version 2.1
Tivoli Common Reporting
Version 3.1.0.1
Tivoli Common Reporting
Version 3.1.0.2
Tivoli Common Reporting
Version 3.1.2.1
Tivoli Common Reporting
Version 3.1.2
Tivoli Common Reporting
Version 3.1
Ibm
Watson Content Analytics
From 3.0 to 3.0.0.6
Watson Content Analytics
From 3.5 to 3.5.0.3
Ibm
Watson Explorer Analytical Components
From 10.0 to 10.0.0.2
Watson Explorer Analytical Components
Version 11.0
Ibm
Watson Explorer Annotation Administration Console
From 10.0 to 10.0.0.2
Watson Explorer Annotation Administration Console
Version 11.0
Ibm
Websphere Application Server
Version 7.0.0.0
Websphere Application Server
Version 8.0.0.0
Websphere Application Server
Version 8.5.0.0
Websphere Application Server
Version 8.5.5.5
Websphere Application Server
Version 8.5

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (19)

Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Broken Link
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@us.ibm.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@us.ibm.com
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.