Search for packages
| purl | pkg:rpm/redhat/jboss-as-ejb3@7.5.5-2.Final_redhat_3.1.ep6?arch=el6 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-32uq-r1e7-3ub4
Aliases: CVE-2015-7501 GHSA-fjq5-5j5f-mvxh |
InvokerTransformer code execution during deserialization This package allows code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. | There are no reported fixed by versions. |
|
VCID-drq1-cttn-jfaw
Aliases: CVE-2015-5304 |
EAP: missing authorization check for Monitor/Deployer/Auditor role when shutting down server | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:39:19.382324+00:00 | RedHat Importer | Affected by | VCID-32uq-r1e7-3ub4 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7501.json | 38.0.0 |
| 2026-04-01T14:38:43.875374+00:00 | RedHat Importer | Affected by | VCID-drq1-cttn-jfaw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5304.json | 38.0.0 |