Fwd: [CIVN-2020-0295] Remote code execution vulnerability in IBM WebSphere Application Server

Severity Rating: HIGH

Software Affected

WebSphere Application Server 9.0

WebSphere Application Server 8.5

WebSphere Application Server 8.0

WebSphere Application Server 7.0

Overview

A Remote code execution vulnerability was reported in IBM Web Sphere

Application Server which could allow a remote attacker to execute arbitrary

code on the target system.

Description

The vulnerability exists in IBM Web Sphere Application Server due to

improper validation of user-supplied input. A remote attacker could exploit

this vulnerability by executing a specially-crafted sequence of serialized

objects over the SOAP connector.

Successful exploitation of this vulnerability could allow the attacker to

execute arbitrary code on the target system.

Solution

Apply appropriate patches as mentioned in the below link:

https://www.ibm.com/support/pages/node/6249987

Vendor Information

IBM

https://www.ibm.com/support/pages/node/6249987

References

IBM

https://www.ibm.com/support/pages/security-bulletin-websphere-application-s

erver-vulnerable-remote-code-execution-vulnerability-cve-2020-4464

CVE Name

CVE-2020-4464

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Fwd: [CIVN-2020-0295] Remote code execution vulnerability in IBM WebSphere Application Server

About Cert Advisory

Related Posts

Popular Posts

Facebook

Blog Archive