VDB

RHSA-2015%3A2534

RHSA-2015%3A2534 PUBLISHED CVSS 7.5 HIGH

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Risk Scores

CVSS 2.0
7.5

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Data Virtualization 6.0
Red HatRed Hat JBoss Data Virtualization 6.1
Red HatRed Hat JBoss Data Virtualization 6.2

Timeline

  • Dec 1, 2015 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›