CRITICAL🇵🇱 Wersja polska

CVE-2023-49886

CVSS 9.8v3.1pub. 2025-10-06upd. 2025-10-16

IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

🤖 AI Analysis
How it works

The vulnerability results from unsafe deserialization of data in Java (CWE-502). An attacker sends specially crafted input data to the vulnerable component, which is processed in an uncontrolled manner during deserialization. This mechanism allows arbitrary code execution on the server side without requiring authentication.

Impact

Successful exploitation of the vulnerability allows an attacker to remotely execute arbitrary code on the server, which may lead to complete system takeover, data disclosure, modification, or service disruption.

Mitigation & patch

Patches available from the vendor should be applied according to the references: https://www.ibm.com/support/pages/node/7247179

Who is affected

IBM Standards Processing Engine version 10.0.1.10, which is a component of the IBM Transformation Extender Advanced product.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Transformation Extender Advanced

    APP
    Ibm
    10.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2017-1758HIGH7.1ten sam produkt

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Fin...

CVE-2023-49881MEDIUM6.3ten sam produkt

IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an au...

CVE-2023-49883MEDIUM5.9ten sam produkt

IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by ...

CVE-2023-50300MEDIUM5.1ten sam produkt

IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due t...

CVE-2021-29883MEDIUM4.3ten sam produkt

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure at...