9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)
CVEID: CVE-2016-1000031**
DESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
WebSphere Service Registry and Repository V8.5
WebSphere Service Registry and Repository V8.0
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product
To remediate CVE-2016-1000031 you need to apply fixes for both IBM WebSphere Application Server and IBM WebSphere Service Registry and Repository.
For** WebSphere Application Server** updates refer to this bulletin:
Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)
For WebSphere Service Registry and Repository, this vulnerability has been fixed under APAR IJ01131. Fixes containing IJ01131 have been published and are available from Fix Central.
For WSRR V8.5
Apply V8.5.6.1**_IJ01131**** **
For WSRR V8.0
Apply V****8.0.0.3_IV65487_IV79085_IV87422_IV87429_IV89477_IJ01131
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P