There is the desirialization vulnerbility about Apache Common Collections in vRO 6.0.x and 5.5.x as we can see in the following KB:
VMware KB: Resolving the deserialization vulnerability for embedded vRealize Orchestrator 6.0.x and ...
Is this VMware KB applicable to vRO 7.0?
7.0 is not vulnerable. See: VMSA-2015-0009 | United States
View solution in original post
Thank you!