Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Sterling B2b Integrator
APPIbm5.2IBM Sterling Integrator
APPIbm5.1IBM Tivoli Common Reporting
APPIbm2.12.1.12.1.1.23.13.1.0.13.1.0.23.1.23.1.2.1IBM Watson Content Analytics
APPIbm3.0 – 3.0.0.63.5 – 3.5.0.3IBM Watson Explorer Analytical Components
APPIbm11.010.0 – 10.0.0.2IBM Watson Explorer Annotation Administration Console
APPIbm11.010.0 – 10.0.0.2IBM Websphere Application Server
APPIbm7.0.0.08.0.0.08.58.5.0.08.5.5.5
CISA KEV — detailsi
- Vendori
- IBM ↗
- Producti
- WebSphere Application Server and Server Hypervisor Edition
- Added to KEVi
- January 10, 2022
- Remediation deadline (US Federal)i
- July 10, 2022(overdue)
Apply updates per vendor instructions.
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands
Related vulnerabilities
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin...
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin...
IBM WebSphere Application Server — podatność na identity spoofing
RCE w IBM WebSphere Application Server — ominięcie zabezpieczeń
IBM WebSphere Application Server – RCE przez deserializację danych w JAX-WS