PT-2020-17988 · Ibm · Ibm Infosphere Information Server

Lukasz Plonka

Published

2020-07-09

Updated

2020-07-17

CVE-2020-4305

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server versions 11.3, 11.5, and 11.7

Description The issue allows a remote attacker to execute arbitrary code on the system due to the deserialization of untrusted data. An attacker could exploit this by persuading a victim to visit a specially crafted Web site, resulting in the execution of arbitrary code on the system.

Recommendations For IBM InfoSphere Information Server versions 11.3, 11.5, and 11.7, consider restricting access to untrusted data to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the deserialization of untrusted data until a fix is provided.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2020-4305

Affected Products

Ibm Infosphere Information Server

PT-2020-17988 · Ibm · Ibm Infosphere Information Server

CVE-2020-4305

Weakness Enumeration

Related Identifiers

Affected Products

References · 5