Noxxx

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 7.0 through 9.0 traditional **Description** The issue is related to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. **Recommendations** For IBM WebSphere Application Server versions 7.0 through 9.0 traditional, consider disabling token-based authentication for admin requests over the SOAP connector until a patch is available. Restrict access to the SOAP connector to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 7.0 through 9.0 **Description** The issue concerns a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. **Recommendations** For IBM WebSphere Application Server versions 7.0 through 9.0, consider disabling token-based authentication for admin requests over the SOAP connector as a temporary workaround until a patch is available. Restrict access to the SOAP connector to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 7.0 through 9.0 **Description** The issue allows remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. **Recommendations** For IBM WebSphere Application Server versions 7.0 through 9.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.