Fwd: [CIVN-2020-0295] Remote code execution vulnerability in IBM WebSphere Application Server


Severity Rating: HIGH

Software Affected

WebSphere Application Server 9.0

WebSphere Application Server 8.5

WebSphere Application Server 8.0

WebSphere Application Server 7.0

Overview

A remote code execution vulnerability was reported in IBM WebSphere Application Server which could allow a remote attacker to execute arbitrary code on the target system.

Description

The vulnerability exists in IBM WebSphere Application Server due to improper validation of user-supplied input. A remote attacker could exploit this vulnerability by sending a specially-crafted sequence of serialized objects over the SOAP connector.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the target system.
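
The description above involves serialized objects delivered over the SOAP connector. The following Python sketch is an added example, not part of the advisory or of IBM's guidance: it scans captured request bodies for the Java serialization stream header (raw or base64-encoded) and lists requests that carry one from a source outside an allowlist. The sample requests, addresses, element names and the allowlist are constructed for illustration.

```python
import base64
import re

# Header written by java.io.ObjectOutputStream: STREAM_MAGIC + STREAM_VERSION.
JAVA_MAGIC = bytes.fromhex("aced0005")
# Base64 text of a stream that starts with that header always begins "rO0AB".
B64_RUN = re.compile(rb"rO0AB[A-Za-z0-9+/=\s]{8,}")


def find_serialized_objects(body: bytes):
    """Return (kind, offset) for every Java serialization header in body."""
    hits = []
    pos = body.find(JAVA_MAGIC)
    while pos != -1:
        hits.append(("raw", pos))
        pos = body.find(JAVA_MAGIC, pos + 1)
    for match in B64_RUN.finditer(body):
        chunk = re.sub(rb"\s+", b"", match.group(0))  # undo line wrapping
        chunk = chunk[: len(chunk) - len(chunk) % 4]  # whole base64 quanta only
        try:
            decoded = base64.b64decode(chunk, validate=True)
        except ValueError:
            continue  # looked like base64 but is not
        if decoded.startswith(JAVA_MAGIC):
            hits.append(("base64", match.start()))
    return hits


def triage(requests, allowed_sources):
    """Return (source, hits) for requests with serialized objects from unlisted sources."""
    flagged = []
    for source, body in requests:
        hits = find_serialized_objects(body)
        if hits and source not in allowed_sources:
            flagged.append((source, hits))
    return flagged


# Constructed sample data: a harmless serialized java.lang.String "hello".
BENIGN_OBJECT = JAVA_MAGIC + b"\x74\x00\x05hello"
ENVELOPE = (b"<SOAP-ENV:Envelope><SOAP-ENV:Body><param>"
            + base64.b64encode(BENIGN_OBJECT)
            + b"</param></SOAP-ENV:Body></SOAP-ENV:Envelope>")
SAMPLE_REQUESTS = [
    ("10.0.0.5", ENVELOPE),                          # allowlisted admin host
    ("203.0.113.7", ENVELOPE),                       # same payload, unlisted source
    ("203.0.113.8", b"<SOAP-ENV:Envelope/>"),        # no serialized object
    ("203.0.113.9", b"POST-data:" + BENIGN_OBJECT),  # raw binary stream
]

if __name__ == "__main__":
    for source, hits in triage(SAMPLE_REQUESTS, {"10.0.0.5"}):
        print(source, hits)
```

A hit shows only that a request carries a serialized Java object; it does not by itself indicate exploitation, so treat the output as a list of sources to review.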

Solution

Apply appropriate patches as mentioned in the below link: 

Vendor Information

IBM

References

IBM

erver-vulnerable-remote-code-execution-vulnerability-cve-2020-4464

CVE Name

CVE-2020-4464
