CVE-2015-6934

CVE Database · CVE-2015-6934

CVE-2015-6934

· N/AModified

CVSS v3.1

N/A

EPSS

5.05%

Published

Dec 21, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Weaknesses (CWE)

CWE-20

Affected Products (7)

vmware · vcenter_orchestratorvulnerable

vmware · vrealize_orchestratorvulnerable

References (4)

http://www.securityfocus.com/bid/79648

http://www.vmware.com/security/advisories/VMSA-2015-0009.html

Vendor Advisory

http://www.securityfocus.com/bid/79648

http://www.vmware.com/security/advisories/VMSA-2015-0009.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs