Lucene search

K
ibmIBM41ADAB729B11FDB0C9A1ECE9F3517886DD3424A62720D68D65491C2312EABAA7
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository (CVE-2015-7450)

2018-06-1507:04:15
www.ibm.com
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository (CVE-2015-7450)

Vulnerability Details

CVEID: CVE-2015-7450**
DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

WebSphere Service Registry and Repository V8.5
WebSphere Service Registry and Repository V8.0
WebSphere Service Registry and Repository V7.5
WebSphere Service Registry and Repository V7.0

For unsupported versions IBM recommends upgrading to a fixed, supported version of the product

Remediation/Fixes

To remediate this vulnerability you need to apply fixes for both IBM WebSphere Application Server and IBM WebSphere Service Registry and Repository.

For** WebSphere Application Server** updates refer to this bulletin:
Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)

For WebSphere Service Registry and Repository the vulnerability has been fixed under APARIV79085.

IFixes containing IV79085 have been published and are available from Fix Central.

For WSRR V8.5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C