Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)

2019-12-20 08:47:33
www.ibm.com
CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library.

Vulnerability Details

**CVEID:** CVE-2015-7450
**DESCRIPTION:** Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
CVSS Base score: 9.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
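
Added example, not part of IBM's bulletin: a heuristic Python scan for triage that lists the class names declared in a serialized Java stream (a captured request body or a file) and flags the InvokerTransformer class named in the description. The fully qualified class name, the function names and the two sample streams are assumptions constructed for illustration.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization magic + stream version 5
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72  # stream tags: new object, class descriptor
# Assumption: fully qualified name of the class the description refers to
# (Commons Collections 3.x package); the bulletin gives only "InvokerTransformer".
FLAGGED = {"org.apache.commons.collections.functors.InvokerTransformer"}
# Shape of a binary class name, including array forms such as "[Ljava.lang.Object;".
CLASS_NAME = re.compile(rb"\[*L?[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*;?")

def class_names(stream: bytes) -> list[str]:
    """List class names declared by TC_CLASSDESC records in a serialized stream.

    Heuristic scan, not a full parser: every 0x72 byte is a candidate and is
    accepted only when a plausible length-prefixed class name follows it.
    """
    if not stream.startswith(STREAM_MAGIC):
        return []
    names, i = [], len(STREAM_MAGIC)
    while i + 3 <= len(stream):
        if stream[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", stream, i + 1)
            name = stream[i + 3 : i + 3 + length]
            if 0 < length == len(name) and CLASS_NAME.fullmatch(name):
                names.append(name.decode("ascii"))
                i += 3 + length + 8  # skip the name and 8-byte serialVersionUID
                continue
        i += 1
    return names

def flagged_classes(stream: bytes) -> list[str]:
    """Return the declared class names that appear in FLAGGED."""
    return [n for n in class_names(stream) if n in FLAGGED]

def _sample(name: str) -> bytes:
    """Constructed stream: one object whose descriptor has a zero UID and no fields."""
    raw = name.encode("ascii")
    desc = bytes([TC_CLASSDESC]) + struct.pack(">H", len(raw)) + raw + b"\x00" * 8
    return STREAM_MAGIC + bytes([TC_OBJECT]) + desc + b"\x02\x00\x00\x78\x70"

BENIGN = _sample("java.util.HashMap")   # constructed, inert
SUSPECT = _sample(next(iter(FLAGGED)))  # constructed, inert: name only, no field data

if __name__ == "__main__":
    for label, data in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, class_names(data), "FLAGGED" if flagged_classes(data) else "ok")
```

Serialized data is often base64-encoded or compressed in transit, so decode it before scanning; a hit indicates the class is referenced, not that exploitation succeeded.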

Affected Products and Versions

Affected Product(s) Version(s)
WebSphere Application Server 9.0

Remediation/Fixes

**For IBM WebSphere Application Server:**
For V9.0.0.0 through 9.0.5.1:

  • Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH16353

-- OR

  • Apply Fix Pack 9.0.5.2 or later (targeted availability 4Q2019).

Workarounds and Mitigations

None

CPE Name | Operator | Version
websphere application server | eq | 9.0
