search cancel

Is DCS 6.x vulnerable to (CVE-2015-6420): Serialized-object interfaces in certain cases can allow remote attackers to execute arbitrary commands via a crafted serialized Java objects.


Article ID: 150328


Updated On:


Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced




The CVE-2015-6420 vulnerability has to do with serialized objects. DCS 6.x does not use java serialized objects in the server or console so we are not vulnerable to this.

The file in question here (commons-collections-3.2.1.jar) was added in DCS 6.0.0 This file is required and should not delete.

The file (commons-collections-3.2.1.jar) is found in the following locations in the DCS product: