Jboss EAP Deserialization of Untrusted Data Vulnerability - CVE-2015-7501

Red Hat JBoss A-MQ 6.x BPM Suite (BPMS) 6.x BRMS 6.x and 5.x Data Grid (JDG) 6.x Data Virtualization (JDV) 6.x and 5.x Enterprise Application Platform 6.x 5.x and 4.3.x Fuse 6.x Fuse Service Works (FSW) 6.x Operations Network (JBoss ON) 3.x Portal 6.x SOA Platform (SOA-P) 5.x Web Server (JWS) 3.x Red Hat OpenShift/xPAAS 3.x and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object related to the Apache Commons Collections (ACC) library.