首页 > 其他分享 >Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnera

Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnera

时间:2023-02-14 09:58:44浏览次数:66  
标签:23477 code remote IBM support vulnerability Application Security CVSS

Skip to content     Support     DownloadsDocumentationForumsCasesMonitoringManage support account     IBM Support

Security Bulletin: IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2023-23477)

Security Bulletin


Summary

IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been addressed.

Vulnerability Details

CVEID:   CVE-2023-23477
DESCRIPTION:   IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

 

Affected Product(s) Version(s)
IBM WebSphere Application Server 9.0
IBM WebSphere Application Server 8.5

Remediation/Fixes

 

 IBM strongly recommends addressing the vulnerability now by upgrading to the fixpack specified below.

Please note that this vulnerability applies only to version 9.0.0.0 through 9.0.5.7 and version  8.5.0.0 through 8.5.5.19. It does not apply to fix pack version 9.0.5.8 and later,  and it does not apply to fix pack version 8.5.5.20 and later.

For IBM WebSphere Application Server traditional:

For V9.0.0.0 through 9.0.5.7:
· Apply Fix Pack 9.0.5.8 or later.

For V8.5.0.0 through 8.5.5.19:
· Apply Fix Pack 8.5.5.20 or later.

Workarounds and Mitigations

 

None

Get Notified about Future Security Bulletins

References

Complete CVSS v3 Guide
On-line Calculator v3

 

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

 

Acknowledgement

The vulnerability was reported to IBM by Liboheng of Tophant Starlight laboratory.

 

Change History

31 Jan 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Was this topic helpful?

Document Information

More support for:
WebSphere Application Server

Software version:
9.0,8.5

Operating system(s):
AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Document number:
6891111

Modified date:
08 February 2023

  Manage My Notification Subscriptions

Close

Need support?

------------------------------------------------------------------------------------------
如果你觉得文章有用,欢迎打赏

 

 

标签:23477,code,remote,IBM,support,vulnerability,Application,Security,CVSS
From: https://www.cnblogs.com/z-cm/p/17118617.html

相关文章

  • ResultCodeEnum
    packagecom.mervin.yhapi.common;importlombok.Getter;importlombok.ToString;@Getter@ToStringpublicenumResultCodeEnum{SUCCESS(true,20000,"成功"),UN......
  • Codeforces Round #397 by Kaspersky Lab and Barcelona Bootcamp (Div. 1 + Div. 2 c
    FSouvenirs将询问离线,对原数组离散化,然后用权值线段树维护区间对应权值最大值,\(a_i\)的权值为\(i\),再用树状数组维护区间两数绝对值差的最小值。复杂度为\(\mathcal{......
  • 代码随想录算法训练营第二十四天|LeetCode 77. 组合
    77.组合文章:代码随想录(programmercarl.com)视频:带你学透回溯算法-组合问题(对应力扣题目:77.组合)|回溯法精讲!_哔哩哔哩_bilibili思路:那么我把组合问题抽象为如下树形......
  • leetcode:合并2个有序链表-easy
    题目:将两个升序链表合并为一个新的升序 链表并返回。新链表是通过拼接给定的两个链表的所有节点组成的。 示例: 输入:l1=[1,2,4],l2=[1,3,4]输出:[1,1,2,3,4,......
  • leetcode:求两数之和-easy
    题目:给定一个整数数组nums和一个整数目标值target,请你在该数组中找出和为目标值target 的那两个整数,并返回它们的数组下标。你可以假设每种输入只会对应一个答......
  • 【LeeCode】724. 寻找数组的中心索引
    【题目描述】给你一个整数数组 ​​nums​​ ,请计算数组的 中心下标 。数组 中心下标 是数组的一个下标,其左侧所有元素相加的和等于右侧所有元素相加的和。如果中心下......
  • 【LeeCode】739. 每日温度
    【题目描述】给定一个整数数组 ​​temperatures​​ ,表示每天的温度,返回一个数组 ​​answer​​ ,其中 ​​answer[i]​​ ​​i​​ 天,下一个更高温度出现在几天后......
  • 【栈】LeetCode 394. 字符串解码
    题目链接394.字符串解码思路建立一个数字栈numStack和一个字符串栈stringBuilderStack。遍历字符串s:遇到数字和字符时按照相应规则分别累加进k和result中。......
  • 【LeeCode】581. 最短无序连续子数组
    LeeCode【题目描述】给你一个整数数组 ​​nums​​ ,你需要找出一个 连续子数组 ,如果对这个子数组进行升序排序,那么整个数组都会变为升序排序。请你找出符合题意的 最......
  • #yyds干货盘点# LeetCode程序员面试金典:合并排序的数组
    题目:给定两个排序后的数组A和B,其中A的末端有足够的缓冲空间容纳B。编写一个方法,将B合并入A并排序。初始化 A和B的元素数量分别为 m和n。示例:输入:A=[1......