9.8

CVE-2023-32336

IBM InfoSphere Information Server code execution

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service.  IBM X-Force ID:  255285.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmInfosphere Information Server Version11.7
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.4% 0.69
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://exchange.xforce.ibmcloud.com/vulnerabilities/255285
Vendor Advisory
VDB Entry
https://www.ibm.com/support/pages/node/6995879
Vendor Advisory