CVE-2016-3642

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Published: Jun 17, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-3642
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
solarwinds / virtualization_manager	-	6.3.1.x

http://packetstormsecurity.com/files/137486/Solarwinds-Virtualization-Manager-6.3.1-Java-Deserialization.html
http://seclists.org/fulldisclosure/2016/Jun/25
http://seclists.org/fulldisclosure/2016/Jun/29

Vulnerability Database

289,599

CVE-2016-3642