VYPR
Critical severity9.8NVD Advisory· Published Dec 15, 2015· Updated Jun 17, 2026

CVE-2015-6420

CVE-2015-6420

Description

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.commons:commons-collections4Maven
< 4.14.1
commons-collections:commons-collectionsMaven
< 3.2.23.2.2
net.sourceforge.collections:collections-genericMaven
<= 4.0.1
org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-genericMaven
<= 4.01
org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collectionsMaven
<= 3.2.1

Affected products

5

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.