IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
The vulnerability results from unsafe deserialization of data in Java (CWE-502). An attacker sends specially crafted input data to the vulnerable component, which is processed in an uncontrolled manner during deserialization. This mechanism allows arbitrary code execution on the server side without requiring authentication.
Successful exploitation of the vulnerability allows an attacker to remotely execute arbitrary code on the server, which may lead to complete system takeover, data disclosure, modification, or service disruption.
Patches available from the vendor should be applied according to the references: https://www.ibm.com/support/pages/node/7247179
IBM Standards Processing Engine version 10.0.1.10, which is a component of the IBM Transformation Extender Advanced product.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Transformation Extender Advanced
APPIbm10.0.1
Related vulnerabilities
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Fin...
IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an au...
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by ...
IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due t...
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure at...