Vulnerabilities > CVE-2020-4450 - Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
ibm
CWE-502
critical
nessus

Summary

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

Vulnerable Configurations

Part Description Count
Application
Ibm
66

Common Weakness Enumeration (CWE)

Nessus

NASL familyWeb Servers
NASL idWEBSPHERE_CVE-2020-4450.NASL
descriptionThe IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.18 or 9.0.x prior to 9.0.5.5. It is, therefore, affected by a remote code execution vulnerability. A remote, unauthenticated attacker can exploit this by sending a specially-crafted sequence of serialized objects in order to execute arbitrary code on the affected system. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen2020-06-13
modified2020-06-12
plugin id137368
published2020-06-12
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/137368
titleIBM WebSphere Application Server 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.5 RCE (CVE-2020-4450)