Unify Inc Information for VU#576313
Apache Commons Collections Java library insecurely deserializes data
- Vendor Information Help Date Notified:
- Statement Date: 24 Nov 2015
- Date Updated: 30 Nov 2015
"Unify is affected in two product lines as listed below. For details refer to the information given in the Security Advisory OBSO-1511-01.
We recommend all customers to apply the mitigations described in the advisory and install the corresponding product fix releases as soon as available.
To get notified about Advisory updates, subscribe as listed in https://www.unify.com/security/advisories."
Unify has issued Security Advisory OBSO-1511-01 at the URL listed below.
Mitre had assigned two CVE IDs for Unify products impacted by VU#576313:
CVE-2015-8237, affected products:
Unify OpenScape Fault Management V7 ("cpe:/a:unify:openscape_fault_management:7.%02")
Unify OpenScape Fault Management V8 ("cpe:/a:unify:openscape_fault_management:8.%02")
CVE-2015-8238, affected products:
Unify OpenScape UC Application V7 ("cpe:/a:unify:openscape_uc_application:7.%02")
Unify OpenScape Common Management Platform V7 ("cpe:/a:unify:openscape_common_management_platform:7.%02")
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.