PT-2023-16621 · Software AG · webMethods OneData

Published: 2023-09-06 · Updated: 2023-09-14 · CVE-2023-0925

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: webMethods OneData version 10.11

Description: The issue allows an unauthenticated attacker with network connectivity to the Java RMI registry and RMI interface ports to abuse their functionality and instruct the webMethods OneData application to load a malicious serialized Java object. The object is deserialized on the vulnerable server, and the malicious code runs under the operating system account used to run the software, which on Windows is typically the local System account. The Java RMI registry listens on TCP port 2099 by default, and the two RMI interfaces listen on a single, dynamically assigned TCP high port.

Recommendations: For version 10.11, restrict access to the Java RMI registry port (2099) and to the dynamically assigned RMI interface ports to minimize the risk of exploitation. As a temporary workaround, consider disabling the Java RMI registry and RMI interfaces until a patch is available. Avoid using the vulnerable version of webMethods OneData until a fixed version is released. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2023-0925

Affected Products: webMethods OneData