CVE-2020-4464

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 9.0

Description The issue allows a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. This is related to the deserialization of untrusted data.

Recommendations For versions 7.0 through 9.0, as a temporary workaround, consider disabling the SOAP connector until a patch is available. Restrict access to the SOAP endpoint to minimize the risk of exploitation. Avoid using untrusted data in the deserialization process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.