VDB

RHSA-2015%3A2502

RHSA-2015%3A2502 PUBLISHED CVSS 7.5 HIGH

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Risk Scores

CVSS 2.0
7.5

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Data Grid 6.5
Red HatRed Hat JBoss Data Grid 6.4

Timeline

  • Nov 20, 2015 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›