CVE-2020-4450

Description

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

CVSS breakdown

CVSS 3.0

User Interaction

None

Attack Vector

Network

Confidentiality

High

Privileges Required

None

Attack Complexity

Low

Integrity

High

Scope

Unchanged

Availability

High

Unchanged

Changed

Affected products

ibm / websphere_application_server8.5 – 8.5
ibm / websphere_application_server9.0 – 9.0

References

MISChttps://www.ibm.com/support/pages/node/6220294
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/181231
VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-20-689/