Remote code execution (RCE) flaw in IBM Websphere application server; patch it now

Cybersecurity specialists report finding a critical vulnerability in Websphere Application Server, the IBM application server software built using open standards such as J2EE, XML, and Web Services. Successful execution of this flaw would allow threat actors to execute arbitrary code on affected systems.

Below is a brief description of the reported flaw, in addition to its identification key and score according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-4589: This flaw exists due to unsafe input validation when processing serialized data, which could be leveraged by a remote threat actor to pass specially designed data to the application and execute arbitrary code on the target system. Cybersecurity specialists mention that the vulnerability can only be triggered if an administrator has applied undocumented customization in Websphere.

This is a high severity vulnerability that received a score of 8.5/10.

Las versiones de IBM WebSphere Application Server afectadas por esta falla son: 7.0, 7.0.0.0, 7.0.0.1, 7.0.0.3, 7.0.0.5, 7.0.0.7, 7.0.0.9, 7.0.0.11, 7.0.0.13, 7.0.0.15, 7.0.0.17, 7.0.0.18, 7.0.0.19, 7.0.0.21, 7.0.0.22, 7.0.0.23, 7.0.0.24, 7.0.0.25, 7.0.0.26, 7.0.0.27, 7.0.0.28, 7.0.0.29, 7.0.0.30, 7.0.0.31, 7.0.0.32, 7.0.0.33, 7.0.0.34, 7.0.0.35, 7.0.0.36, 7.0.0.37, 7.0.0.38, 7.0.0.39, 7.0.0.40, 7.0.0.41, 7.0.0.42, 7.0.0.43, 7.0.0.45, 8.0, 8.0.0.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7, 8.0.0.8, 8.0.0.9, 8.0.0.10 , 8.0.0.11, 8.0.0.12, 8.0.0.13, 8.0.0.14, 8.0.0.15, 8.5, 8.5.0.0, 8.5.0.1, 8.5.0.2, 8.5.1.0, 8.5.2.0, 8.5.3.0, 8.5.4.0, 8.5.5.0, 8.5.5.1, 8.5.5.2, 8.5.5.3, 8.5.5.4, 8.5.5.5, 8.5.5.6, 8.5.5.7, 8.5.5.8, 8.5.5.9, 8.5.5.10, 8.5.5.11, 8.5.5.12, 8.5.5.13, 8.5.5.14, 8.5.5.15, 8.5.5.17, 9.0, 9.0.0.0, 9.0.0.1, 9.0.0.2, 9.0.0.3, 9.0.0.4, 9.0.0.5, 9.0.0.6, 9.0.0.7, 9.0.0.8, 9.0.0.9, 9.0.0.10, 9.0.5.3, 9.0.5.4.

While the vulnerability may be exploited by an unauthenticated remote hacker, attempts to exploit actively or any malware associated with this attack have not yet been detected. Updates are ready, so administrators of affected deployments should install them as soon as possible.