Cisco Information for VU#576313
Apache Commons Collections Java library insecurely deserializes data
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 18 Jul 2017
No statement is currently available from the vendor regarding this vulnerability.
Cisco has released a security advisory and list of affected products at the URL below. Cisco has assigned CVE-2015-6420 to this issue.
As of 2017-07-18, CERT/CC is aware of a report that Cisco Unity Express (CUE) 8.6.1 is still vulnerable to this issue and is incorrectly identified as "not vulnerable" in the above Cisco advisory. We have reached out to Cisco for clarification.
If you have feedback, comments, or additional information about this vulnerability, please send us email.