Boletines de Vulnerabilidades

IBM Security Bulletin: Vulnerabilities in Apache Commons Collections and Apache Groovy affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns (CVE-2015-4852, CVE-2015-3253)

Información sobre el sistema
   
Software afectado IBM

Descripción
Apache Commons Collections and Apache Groovy vulnerabilities for handling Java object deserialization were addressed by IBM UrbanCode Deploy. CVE(s): Affected product(s) and affected version(s): IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, and 6.2 on all supported platforms.

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_apache_commons_collections_and_apache_groovy_affect_ibm_urbancode_deploy_and_ibm_urbancode_deploy_with_patterns_cve_2015_4852_cve_2015_3253?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2015-4852 ,CVE-2015-3253 ,CVE-2015-7421 ,CVE-2015-7420 ,CVE-2015-4938 ,CVE-2015-7450 and CVE-2015-5204.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-12-03

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT