CVE-2015-7450
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
Affected Platforms (CPE)
📦
Ibm
Sterling B2b Integrator
= 5.2📦
Ibm
Sterling Integrator
= 5.1📦
Ibm
Tivoli Common Reporting
= 2.1📦
Ibm
Tivoli Common Reporting
= 2.1.1📦
Ibm
Tivoli Common Reporting
= 2.1.1.2📦
Ibm
Tivoli Common Reporting
= 3.1📦
Ibm
Tivoli Common Reporting
= 3.1.0.1📦
Ibm
Tivoli Common Reporting
= 3.1.0.2📦
Ibm
Tivoli Common Reporting
= 3.1.2📦
Ibm
Tivoli Common Reporting
= 3.1.2.1📦
Ibm
Watson Content Analytics
>= 3.0 and <= 3.0.0.6📦
Ibm
Watson Content Analytics
>= 3.5 and <= 3.5.0.3📦
Ibm
Watson Explorer Analytical Components
>= 10.0 and <= 10.0.0.2📦
Ibm
Watson Explorer Analytical Components
= 11.0📦
Ibm
Watson Explorer Annotation Administration Console
>= 10.0 and <= 10.0.0.2📦
Ibm
Watson Explorer Annotation Administration Console
= 11.0📦
Ibm
Websphere Application Server
= 7.0.0.0📦
Ibm
Websphere Application Server
= 8.0.0.0📦
Ibm
Websphere Application Server
= 8.5📦
Ibm
Websphere Application Server
= 8.5.0.0📦
Ibm