Unify Inc Information for VU#576313

Apache Commons Collections Java library insecurely deserializes data



Vendor Statement

"Unify is affected in two product lines as listed below. For details refer to the information given in the Security Advisory OBSO-1511-01.

We recommend all customers to apply the mitigations described in the advisory and install the corresponding product fix releases as soon as available.
To get notified about Advisory updates, subscribe as listed in https://www.unify.com/security/advisories."

Vendor Information

Unify has issued Security Advisory OBSO-1511-01 at the URL listed below.

Mitre had assigned two CVE IDs for Unify products impacted by VU#576313:

CVE-2015-8237, affected products:
Unify OpenScape Fault Management V7 ("cpe:/a:unify:openscape_fault_management:7.%02")
Unify OpenScape Fault Management V8 ("cpe:/a:unify:openscape_fault_management:8.%02")

CVE-2015-8238, affected products:
Unify OpenScape UC Application V7 ("cpe:/a:unify:openscape_uc_application:7.%02")
Unify OpenScape Common Management Platform V7 ("cpe:/a:unify:openscape_common_management_platform:7.%02")

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.