Lucene search

K
ibmIBM37F20862021E2273CA661487C97F330F1BD3D1DBF7AEDDE1618F02B8075D2210
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository Studio (CVE-2015-7450)

2018-06-1507:04:15
www.ibm.com
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository Studio (CVE-2015-7450)

Vulnerability Details

CVEID: CVE-2015-7450**
DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

WebSphere Service Registry and Repository Studio V8.5
WebSphere Service Registry and Repository Studio V8.0
WebSphere Service Registry and Repository Studio V7.5
WebSphere Service Registry and Repository Studio V7.0

For unsupported versions IBM recommends upgrading to a fixed, supported version of the product

Remediation/Fixes

For WebSphere Service Registry and Repository Studio the vulnerability has been fixed under APAR IV79089.

There is only one supported version of WSRR Studio and this is currently V8.5.6.0. Users of previous releases of Studio are entitled to update to V8.5.6.0 which is fully backwards compatibile with all previous releases.

For all WSRR Studio releases:

  • Apply V8.5.6.0_IV79089** **
  • Please note that the server component of WSRR is also vulnerable to this issue. Please see the separate bulletin on how to resolve this issue for the server.

Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository (CVE-2015-7450)

  • IBM recommends that you review your entire environment to identify vulnerable releases of the open-source Apache Commons Collections and take appropriate mitigation and remediation actions.** **

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for 37F20862021E2273CA661487C97F330F1BD3D1DBF7AEDDE1618F02B8075D2210