Has anyone dealt with this vulnerability in Java De-serialization as noted in CVE-2015-6420 and Cisco Unified Attendant Console? I have a customer that has been scanned by a third party vendor and this came up. It would appear that there is no patch from Cisco and it's not clear if a Java update will correct this.
Any advice at all?
