Posted by Nate Kettlewell on Jun 15

Java Deserialization in Solarwinds Virtualization Manager 6.3.1

Product: Solarwinds Virtualization Manager
Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1

Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016

Vulnerability Type: Deserialization of Untrusted Data [CWE-502]
CVE Reference: CVE-2016-3642
Risk Level: High
CVSSv2 Base Score: 10…