9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository (CVE-2015-7450)
CVEID: CVE-2015-7450**
DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
WebSphere Service Registry and Repository V8.5
WebSphere Service Registry and Repository V8.0
WebSphere Service Registry and Repository V7.5
WebSphere Service Registry and Repository V7.0
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product
To remediate this vulnerability you need to apply fixes for both IBM WebSphere Application Server and IBM WebSphere Service Registry and Repository.
For** WebSphere Application Server** updates refer to this bulletin:
Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)
For WebSphere Service Registry and Repository the vulnerability has been fixed under APARIV79085.
IFixes containing IV79085 have been published and are available from Fix Central.
For WSRR V8.5
Apply V8.5.6.0_IV79085** **
For WSRR V8.0
Apply V8.0.0.3_IV65487_IV79085
For WSRR V7.5
Apply V7.5.0.4_IV60346_IV79085
For WSRR V7.0
Apply** **V7.0.0.5_IV60346_IV79085
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C