For details, please see the included release notes as well as solution SOL183437 in our Knowledge Base.
The Apache Commons Collections library version 3.2, used by Foglight Management Server 22.214.171.124 and earlier versions, allows remote code execution if an attacker can submit specially crafted serialized Java objects. The Management Server has Remote Method Invocation (RMI) endpoints that accept serialized method parameters, which makes it vulnerable.
This patch addresses the following issues:
FGL-18415 - A critical Apache Commons Collections vulnerability was experienced on a Foglight Management Server.
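
To check which copies of Commons Collections an installation carries, the following added example (not the vendor's code and not part of the patch) walks a directory for jar/war/ear archives, including nested ones, and reports the manifest version of every archive that contains the `org.apache.commons.collections` package. It assumes the manifest carries `Implementation-Version`; the function names, `FLAGGED_VERSIONS`, and the sample tree built in `demo` are constructed for illustration.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

CC_PACKAGE = "org/apache/commons/collections/"  # identifies the library even in a renamed jar
FLAGGED_VERSIONS = {"3.2"}  # version named in the advisory; extend per the release notes
ARCHIVES = (".jar", ".war", ".ear")
VERSION_RE = re.compile(r"^Implementation-Version:[ \t]*(\S+)", re.MULTILINE)

def inspect_archive(data, label, findings):
    """Record Commons Collections copies in this archive and in archives nested inside it."""
    try:
        jar = zipfile.ZipFile(data)
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with jar:
        names = jar.namelist()
        if any(n.startswith(CC_PACKAGE) for n in names):
            raw = jar.read("META-INF/MANIFEST.MF") if "META-INF/MANIFEST.MF" in names else b""
            match = VERSION_RE.search(raw.decode("utf-8", "replace"))
            version = match.group(1) if match else None  # None: review by hand
            findings.append((label, version, version in FLAGGED_VERSIONS))
        for n in names:
            if n.lower().endswith(ARCHIVES):
                inspect_archive(io.BytesIO(jar.read(n)), label + "!" + n, findings)

def scan(root):
    """Return (location, version, flagged) for every copy found under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            inspect_archive(path, path.relative_to(root).as_posix(), findings)
    return findings

def make_jar(version):
    """Constructed sample: an empty class in the package plus a manifest with this version."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Implementation-Version: %s\r\n" % version)
        z.writestr(CC_PACKAGE + "Placeholder.class", b"")
    return buf.getvalue()

def demo():
    """Scan a constructed tree: a plain jar and a war holding a renamed nested jar."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "collections.jar").write_bytes(make_jar("0.0-constructed"))
        with zipfile.ZipFile(Path(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/cc.jar", make_jar("3.2"))
        return scan(root)
```

Point `scan()` at the server's installation directory before and after applying the patch; an entry whose version is `None` has no usable manifest and needs manual review.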