PT-2016-6747 · IBM · IBM WebSphere Application Server Liberty +1

Federico Dotta +1 · Published 2016-10-05 · Updated 2016-11-28 · CVE-2016-5983

CVSS v3.1: 7.5 High
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.42
IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.12
IBM WebSphere Application Server (WAS) versions 8.5 through 8.5.5.10
IBM WebSphere Application Server (WAS) versions 9.0 through 9.0.0.1
IBM WebSphere Application Server (WAS) Liberty versions prior to 16.0.0.4

Description

The issue allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

Recommendations

For IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.42, update to version 7.0.0.43 or later.
For IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.12, update to version 8.0.0.13 or later.
For IBM WebSphere Application Server (WAS) versions 8.5 through 8.5.5.10, update to version 8.5.5.11 or later.
For IBM WebSphere Application Server (WAS) versions 9.0 through 9.0.0.1, update to version 9.0.0.2 or later.
For IBM WebSphere Application Server (WAS) Liberty versions prior to 16.0.0.4, update to version 16.0.0.4 or later.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2016-5983

Affected Products

IBM WebSphere Application Server
IBM WebSphere Application Server Liberty