How severe is CVE-2015-6420?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2015-6420?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2015-6420

HIGH Year: 2015

CVSS v2 Score

7.5

High

Weakness Type

CWE-502

View all →

Vulnerability Description

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVE-2018-19276

CRITICAL

CVSS:10.0(Critical)

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a...

CWE-5022018

CVE-2018-3972

CRITICAL

CVSS:10.0(Critical)

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrenci...

CWE-5022018

CVE-2019-19810

CRITICAL

CVSS:10.0(Critical)

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craft...

CWE-5022019

CVE-2020-15148

CRITICAL

CVSS:10.0(Critical)

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workarou...

CWE-5022020

CVE-2021-37181

CRITICAL

CVSS:10.0(Critical)

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Comp...

CWE-5022021

CVE-2022-38650

CRITICAL

CVSS:10.0(Critical)

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware wit...

CWE-5022022

CVE-2015-6420

Vulnerability Description

Related Vulnerabilities

CVE-2018-19276

CVE-2018-3972

CVE-2019-19810

CVE-2020-15148

CVE-2021-37181

CVE-2022-38650