http://www.vmware.com/security/advisories/VMSA-2015-0009.html
Advisory ID: VMSA-2015-0009
Synopsis: VMware product updates address a critical deserialization vulnerability
Updated on: 2015-12-18 (Initial Advisory)
CVE numbers: CVE-2015-6934
VMware product updates address a critical deserialization vulnerability in vRealize Orchestrator 6.x and vCenter Orchestrator 5.x. A deserialization vulnerability involving Apache Commons-collections and a specially constructed chain of classes exists. Successful exploitation could result in remote code execution, with the permissions of the application using the Commons-collections library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-6934 to this issue.
Firmware Security 