PT-2020-18073 · Ibm · Ibm Websphere Application Server

Tint0

Published

2020-06-05

Updated

2021-07-21

CVE-2020-4449

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 9.0

Description The issue allows a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. This is related to the deserialization of untrusted data, which can lead to information disclosure.

Recommendations For IBM WebSphere Application Server versions 7.0 through 9.0, consider restricting access to the IIOP protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the deserialization of untrusted data can help mitigate the issue.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2020-4449

ZDI-20-690

Affected Products

Ibm Websphere Application Server

PT-2020-18073 · Ibm · Ibm Websphere Application Server

CVE-2020-4449

Weakness Enumeration

Related Identifiers

Affected Products

References · 6