Severity Rating: HIGH
Software Affected
· IBM WebSphere Application Server versions 7.0, 8.0, 8.5, 9.0
· IBM WebSphere Application Server ND versions 8.5, 9.0
· IBM WebSphere Virtual Enterprise versions 7.0, 8.0
Overview
Multiple vulnerabilities have been reported in IBM WebSphere Application
Server which could allow a remote attacker to execute arbitrary code or
obtain sensitive information.
Description
1. Remote Code Execution Vulnerability (CVE-2020-4448)
This vulnerability exists in the BroadcastMessageManager class of IBM
WebSphere Application Server Network Deployment due to improper validation
of user-supplied input. A remote attacker could exploit this vulnerability
by sending a specially crafted sequence of serialized objects from
untrusted sources.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the target system.
2. Remote Code Execution Vulnerability (CVE-2020-4450)
This vulnerability exists in the IIOP protocol of IBM WebSphere Application
Server due to improper validation of user-supplied input. A remote attacker
could exploit this vulnerability by sending a specially crafted sequence
of serialized objects.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the target system.
3. Information Disclosure Vulnerability (CVE-2020-4449)
This vulnerability exists in the IIOP protocol of IBM WebSphere Application
Server due to improper validation of user-supplied input. A remote attacker
could exploit this vulnerability by sending a specially crafted sequence
of serialized objects.
Successful exploitation of this vulnerability could allow the attacker to
disclose sensitive information of the target system.
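All three issues above share one root cause: Java objects deserialized from an untrusted source (the IIOP channel or a message manager) before their classes are checked. The standard defensive control for this class of bug in Java code is a deserialization allowlist filter (java.io.ObjectInputFilter, JEP 290, Java 9 and later). The following is an added illustration of that control, written for this page; it is not IBM's fix and not WebSphere code. The class names AllowlistDeserializer and SafeMessage and the limits in the filter pattern are assumptions chosen for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

/**
 * Added defensive example (not WebSphere code): an allowlist deserialization
 * filter built on java.io.ObjectInputFilter (JEP 290, Java 9+).
 * AllowlistDeserializer and SafeMessage are hypothetical names.
 */
public class AllowlistDeserializer {

    /** Hypothetical message type that the application legitimately expects. */
    public static final class SafeMessage implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        SafeMessage(String text) { this.text = text; }
    }

    /**
     * Allowlist pattern: entries are ';'-separated; limits (maxdepth, maxrefs,
     * maxbytes) blunt deeply nested gadget graphs and oversized payloads; the
     * trailing "!*" rejects every class not explicitly named before it.
     */
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=50;maxbytes=65536;"
            + SafeMessage.class.getName() + ";java.lang.String;!*");

    /** Deserialize bytes from an untrusted peer; any non-allowlisted class is rejected. */
    public static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // Rejection is raised as InvalidClassException before the class's
            // readObject logic runs, which is exactly the behaviour needed against
            // untrusted serialized object sequences.
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    /** Builds the constructed sample payloads used in main(). */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // 1. An expected message type passes the filter.
        SafeMessage ok = (SafeMessage) readUntrusted(serialize(new SafeMessage("hello")));
        System.out.println("accepted: " + ok.text);

        // 2. A harmless but non-allowlisted class (HashMap) is rejected, showing
        //    that unexpected classes never reach their deserialization hooks.
        Map<String, String> m = new HashMap<>();
        m.put("k", "v");
        try {
            readUntrusted(serialize(m));
            System.out.println("unexpected: HashMap should have been rejected");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same filter can be installed process-wide with the jdk.serialFilter system property instead of per stream, which is the more practical shape for a large application server; the allowlist then has to name every class the server itself legitimately deserializes. For the vulnerabilities listed above, the applicable fix is the vendor update referenced below; the filter illustrates the mitigation class, not a replacement for it.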
Solution
Contact the device vendor or manufacturer for the appropriate over-the-air update.
Vendor Information
IBM
References
IBM
ZDI
CVE Name
CVE-2020-4448
CVE-2020-4449
CVE-2020-4450
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.