Lucene search

K
ibmIBM5E2AFDF7AB3E087F15E11D8D08AEEF34592E638BA469F3697192CBD365B9C998
HistoryJun 15, 2018 - 10:41 p.m.

Security Bulletin: Vulnerability in Apache Commons affects IBM Algo Credit Administrator (CVE-2015-7450)

2018-06-1522:41:02
www.ibm.com
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Algo Credit Administrator

Vulnerability Details

CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Algo Credit Administrator 2.2.0

Remediation/Fixes

A fix has been created for version 2.2.0 of the named product. Download and install the fix as soon as practicable. Fix and installation instructions are provided at the URL listed below.

Patch Number Download URL
Algo Credit Administrator 2.2.0-116 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACA-gf0116:0&includeSupersedes=0&source=fc&login=true

For versions prior to 2.2.0 IBM recommends upgrading to a fixed, supported version/release/platform of the product.

IBM recommends that you review your entire environment to identify vulnerable releases of the open-source Apache Commons Collections and take appropriate mitigation and remediation actions.

Workarounds and Mitigations

None

CPENameOperatorVersion
algo credit administratoreq2.2.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for 5E2AFDF7AB3E087F15E11D8D08AEEF34592E638BA469F3697192CBD365B9C998