Cisco Information for VU#576313
Apache Commons Collections Java library insecurely deserializes data
No statement is currently available from the vendor regarding this vulnerability.
Cisco has released a security advisory and list of affected products at the URL below. Cisco has assigned CVE-2015-6420 to this issue.
As of 2017-07-18, CERT/CC is aware of a report that Cisco Unity Express (CUE) 8.6.1 is still vulnerable to this issue and is incorrectly identified as "not vulnerable" in the above Cisco advisory. We have reached out to Cisco for clarification.
If you have feedback, comments, or additional information about this vulnerability, please send us email.