OR
     *cpe:2.3:a:redhat:openshift:2.0:*:enterprise:*:*:*:*:*

OR
     *cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*

http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html [No Types Assigned]

https://www.exploit-db.com/exploits/38983/ [No Types Assigned]

Configuration 1
     OR
          *cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:redhat:openshift:2.0:*:enterprise:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:cloudbees:jenkins:1.637:*:*:*:*:*:*:*
          *cpe:2.3:a:cloudbees:jenkins:1.625.1:*:*:*:lts:*:*:*

Configuration 1
     OR
          *cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:jenkins:jenkins:1.637:*:*:*:*:*:*:* (and previous)
Configuration 3
     OR
          *cpe:2.3:a:jenkins:jenkins:1.625.1:*:*:*:lts:*:*:* (and previous)
Configuration 4
     OR
          *cpe:2.3:a:redhat:openshift:2.0:*:enterprise:*:*:*:*:*

El subsistema Jenkins CLI en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos ejecutar código arbitrario a través de un objeto Java serializado manipulado, relacionado con una problemática de archivo webapps/ROOT/WEB-INF/lib/commons-collections-*.jar y la 'variante Groovy en 'ysoserial''.

El subsistema Jenkins CLI en CloudBees Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos ejecutar código arbitrario a través de un objeto Java serializado manipulado, relacionado con una problemática de archivo webapps/ROOT/WEB-INF/lib/commons-collections-*.jar y la 'variante Groovy en 'ysoserial''.

The Jenkins CLI subsystem in CloudBees Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".

Configuration 1
     OR
          *cpe:2.3:a:cloudbees:jenkins:1.637:*:*:*:*:*:*:*
          *cpe:2.3:a:cloudbees:jenkins:1.625.1:*:*:*:lts:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:* (and previous)

Configuration 1
     OR
          *cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:redhat:openshift:2.0:*:enterprise:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:cloudbees:jenkins:1.637:*:*:*:*:*:*:*
          *cpe:2.3:a:cloudbees:jenkins:1.625.1:*:*:*:lts:*:*:*

http://rhn.redhat.com/errata/RHSA-2016-0489.html

Configuration 1
     OR
          *cpe:2.3:a:cloudbees:jenkins:1.637:*:*:*:*:*:*:*
          *cpe:2.3:a:cloudbees:jenkins:1.625.1:*:*:*:lts:*:*:*

Configuration 1
     OR
          *cpe:2.3:a:cloudbees:jenkins:1.637:*:*:*:*:*:*:*
          *cpe:2.3:a:cloudbees:jenkins:1.625.1:*:*:*:lts:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:* (and previous)

https://access.redhat.com/errata/RHSA-2016:0070

Configuration 1
     OR
          *cpe:2.3:a:cloudbees:jenkins:1.637:*:*:*:*:*:*:*
          *cpe:2.3:a:cloudbees:jenkins:1.625.1:*:*:*:lts:*:*:*

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

CWE-77

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins No Types Assigned

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins Exploit

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 No Types Assigned

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 Advisory