Remote Code Execution via Serialized Java Object in SolarWinds Virtualization Manager

Remote Code Execution via Serialized Java Object in SolarWinds Virtualization Manager

CVE-2016-3642 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Learn more about our Cis Benchmark Audit For Apache Http Server.