CVE-2019-4279

CRITICAL9.0

High EPSS

Description

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.

CVSS breakdown

CVSS 3.0

Scope

Changed

Availability

High

Attack Complexity

High

Integrity

High

Confidentiality

High

Attack Vector

Network

Privileges Required

None

User Interaction

None

Changed

Unchanged

Affected products

ibm / websphere_application_server8.5 – 8.5
ibm / websphere_application_server9.0 – 9.0

References

MISChttps://www.ibm.com/support/docview.wss?uid=ibm10883628
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/160445
MISChttp://www.securityfocus.com/bid/108450