Security Bulletin: WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability


## Summary

WebSphere Application Server, used by IBM Tivoli Network Manager (ITNM) IP Edition, is vulnerable to a remote code execution vulnerability.

## Vulnerability Details

**CVEID:** [CVE-2023-23477](https://vulners.com/cve/CVE-2023-23477)

**DESCRIPTION:** IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

CVSS Base score: 8.1

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/245513> for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

Affected Product(s)| Version(s)
---|---
ITNM| 4.2 GA through to

## Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

The issue has been fixed in WebSphere (<https://www.ibm.com/support/pages/node/6891111>). ITNM 4.2 Fix Pack 14 supports these versions of WebSphere. Upgrading to ITNM 4.2 Fix Pack 14 or above and using the recommended version of WebSphere will fix the vulnerability.

## Workarounds and Mitigations

None

## Affected Software

CPE Name Name Version
tivoli network manager ip edition 4.2.0