CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2015-7450

CVSS 9.8v3.1pub. 2016-01-02upd. 2026-04-21

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Sterling B2b Integrator

    APP
    Ibm
    5.2
  • IBM Sterling Integrator

    APP
    Ibm
    5.1
  • IBM Tivoli Common Reporting

    APP
    Ibm
    2.12.1.12.1.1.23.13.1.0.13.1.0.23.1.23.1.2.1
  • IBM Watson Content Analytics

    APP
    Ibm
    3.0 – 3.0.0.63.5 – 3.5.0.3
  • IBM Watson Explorer Analytical Components

    APP
    Ibm
    11.010.0 – 10.0.0.2
  • IBM Watson Explorer Annotation Administration Console

    APP
    Ibm
    11.010.0 – 10.0.0.2
  • IBM Websphere Application Server

    APP
    Ibm
    7.0.0.08.0.0.08.58.5.0.08.5.5.5

CISA KEV — detailsi

Vendori
IBM
Producti
WebSphere Application Server and Server Hypervisor Edition
Added to KEVi
January 10, 2022
Remediation deadline (US Federal)i
July 10, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 10 lipca 2022
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2026-11708CRITICAL9.3ten sam produkt

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin...

CVE-2026-11712CRITICAL9.3ten sam produkt

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin...

CVE-2026-8644CRITICAL9.1PL ✓ten sam produkt

IBM WebSphere Application Server — podatność na identity spoofing

CVE-2026-9311CRITICAL9.0PL ✓ten sam produkt

RCE w IBM WebSphere Application Server — ominięcie zabezpieczeń

CVE-2026-9319CRITICAL9.0PL ✓ten sam produkt

IBM WebSphere Application Server – RCE przez deserializację danych w JAX-WS