{"url":"http://public2.vulnerablecode.io/api/packages/162017?format=json","purl":"pkg:rpm/redhat/jbossas-appclient@7.5.5-2.Final_redhat_3.1.ep6?arch=el5","type":"rpm","namespace":"redhat","name":"jbossas-appclient","version":"7.5.5-2.Final_redhat_3.1.ep6","qualifiers":{"arch":"el5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39125?format=json","vulnerability_id":"VCID-d35k-bj2z-ayg9","summary":"InvokerTransformer code execution during deserialization\nThis package allows code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.","references":[{"reference_url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/","reference_id":"","reference_type":"","scores":[],"url":"http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1773.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1773.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7501.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7501.json"},{"reference_url":"https://access.redhat.com/security/vulnerabilities/2059393","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/vulnerabilities/2059393"},{"reference_url":"https://access.redhat.com/solutions/2045023","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/solutions/2045023"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7501","reference_id":"","reference_type":"","scores":[{"value":"0.71461","scoring_system":"epss","scoring_elements":"0.98743","published_at":"2026-06-08T12:55:00Z"},{"value":"0.71461","scoring_system":"epss","scoring_elements":"0.98744","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7501"},{"reference_url":"https://arxiv.org/pdf/2306.05534.pdf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arxiv.org/pdf/2306.05534.pdf"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1279330","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1279330"},{"reference_url":"https://commons.apache.org/proper/commons-collections/release_4_1.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://commons.apache.org/proper/commons-collections/release_4_1.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501"},{"reference_url":"https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability"},{"reference_url":"https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/","reference_id":"","reference_type":"","scores":[],"url":"https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"},{"reference_url":"https://github.com/apache/commons-collections","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-collections"},{"reference_url":"https://issues.apache.org/jira/browse/COLLECTIONS-580.","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/COLLECTIONS-580."},{"reference_url":"https://sourceforge.net/p/collections/code/HEAD/tree","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sourceforge.net/p/collections/code/HEAD/tree"},{"reference_url":"https://sourceforge.net/p/collections/code/HEAD/tree/","reference_id":"","reference_type":"","scores":[],"url":"https://sourceforge.net/p/collections/code/HEAD/tree/"},{"reference_url":"https://github.com/jensdietrich/xshady-release/tree/main/CVE-2015-7501","reference_id":"CVE-2015-7501","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jensdietrich/xshady-release/tree/main/CVE-2015-7501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7501","reference_id":"CVE-2015-7501","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7501"},{"reference_url":"https://github.com/advisories/GHSA-fjq5-5j5f-mvxh","reference_id":"GHSA-fjq5-5j5f-mvxh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjq5-5j5f-mvxh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2500","reference_id":"RHSA-2015:2500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2501","reference_id":"RHSA-2015:2501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2502","reference_id":"RHSA-2015:2502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2514","reference_id":"RHSA-2015:2514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2516","reference_id":"RHSA-2015:2516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2517","reference_id":"RHSA-2015:2517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2521","reference_id":"RHSA-2015:2521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2522","reference_id":"RHSA-2015:2522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2523","reference_id":"RHSA-2015:2523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2524","reference_id":"RHSA-2015:2524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2534","reference_id":"RHSA-2015:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2535","reference_id":"RHSA-2015:2535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2536","reference_id":"RHSA-2015:2536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2537","reference_id":"RHSA-2015:2537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2538","reference_id":"RHSA-2015:2538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2539","reference_id":"RHSA-2015:2539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2540","reference_id":"RHSA-2015:2540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2540"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2541","reference_id":"RHSA-2015:2541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2542","reference_id":"RHSA-2015:2542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2547","reference_id":"RHSA-2015:2547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2548","reference_id":"RHSA-2015:2548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2556","reference_id":"RHSA-2015:2556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2557","reference_id":"RHSA-2015:2557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2559","reference_id":"RHSA-2015:2559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2560","reference_id":"RHSA-2015:2560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2578","reference_id":"RHSA-2015:2578","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2578"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2579","reference_id":"RHSA-2015:2579","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2670","reference_id":"RHSA-2015:2670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2671","reference_id":"RHSA-2015:2671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0040","reference_id":"RHSA-2016:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0118","reference_id":"RHSA-2016:0118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1773","reference_id":"RHSA-2016:1773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4274","reference_id":"RHSA-2020:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4274"}],"fixed_packages":[],"aliases":["CVE-2015-7501","GHSA-fjq5-5j5f-mvxh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d35k-bj2z-ayg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113215?format=json","vulnerability_id":"VCID-p9re-b9ku-4qc2","summary":"EAP: missing authorization check for Monitor/Deployer/Auditor role when shutting down server","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5304.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5304","reference_id":"","reference_type":"","scores":[{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.7998","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.80005","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.80011","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01287","scoring_system":"epss","scoring_elements":"0.79994","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5304"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1273046","reference_id":"1273046","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1273046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2538","reference_id":"RHSA-2015:2538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2539","reference_id":"RHSA-2015:2539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2540","reference_id":"RHSA-2015:2540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2540"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2541","reference_id":"RHSA-2015:2541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2542","reference_id":"RHSA-2015:2542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2542"}],"fixed_packages":[],"aliases":["CVE-2015-5304"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9re-b9ku-4qc2"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossas-appclient@7.5.5-2.Final_redhat_3.1.ep6%3Farch=el5"}