PT-2016-1113 · IBM · IBM WebSphere Application Server
Alxdm
Published 2016-01-02 · Updated 2025-02-12
CVE-2015-7450
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Application Server versions (affected versions not specified)
IBM Tivoli Common Reporting versions (affected versions not specified)
IBM Sterling B2B Integrator versions (affected versions not specified)
IBM Sterling Integrator versions (affected versions not specified)
IBM Watson Content Analytics versions (affected versions not specified)
IBM Watson Explorer Analytical Components versions (affected versions not specified)
IBM Watson Explorer Annotation Administration Console versions (affected versions not specified)
Description
The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. The root cause is that the affected IBM products deserialize untrusted serialized objects while a vulnerable version of Apache Commons Collections is on the classpath. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations
For IBM WebSphere Application Server, update to a version that includes the fix for the InvokerTransformer class issue in the Apache Commons Collections library.
For IBM Tivoli Common Reporting, restrict access to the InvokerTransformer class until a patch is available.
For IBM Sterling B2B Integrator, IBM Sterling Integrator, IBM Watson Content Analytics, IBM Watson Explorer Analytical Components, and IBM Watson Explorer Annotation Administration Console, there is currently no information about a newer version that contains a fix for this issue.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Code Injection
Affected Products
Apache Commons Collections
IBM Sterling B2B Integrator
IBM Sterling Integrator
IBM Tivoli Common Reporting
IBM Watson Content Analytics
IBM Watson Explorer Analytical Components
IBM Watson Explorer Annotation Administration Console
IBM WebSphere Application Server