10

CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version >= 8.5.0.0 < 8.5.5.18
IbmWebsphere Application Server Version >= 9.0.0.0 < 9.0.5.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 33.94% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
psirt@us.ibm.com 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://exchange.xforce.ibmcloud.com/vulnerabilities/181231
Vendor Advisory
VDB Entry
https://www.ibm.com/support/pages/node/6220294
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-689/
Third Party Advisory
VDB Entry