PT-2023-4189 · IBM · IBM SDK
Published: 2023-07-17 · Updated: 2023-08-31
CVE-2022-40609
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM SDK, Java Technology Edition versions 7.1.5.18 through 8.0.8.0
Description
IBM SDK, Java Technology Edition contains an unsafe deserialization flaw. A remote attacker who can deliver specially crafted serialized data to a component that deserializes it could execute arbitrary code on the system. The flaw stems from deficiencies in the deserialization mechanism; per the CVSS vector, exploitation requires no authentication and no user interaction, and the resulting compromise affects confidentiality, integrity and availability in full.
Recommendations
For IBM SDK, Java Technology Edition versions 7.1.5.18 through 8.0.8.0, avoid deserializing untrusted Java object streams until a fixed build is deployed: where a service must accept serialized objects, apply an allow-list serialization filter (the jdk.serialFilter property or an ObjectInputFilter, available since Java 8u121 and Java 9) so that only the classes the endpoint legitimately needs can be resolved, and cap stream depth and size. Restrict network access to components that expose deserialization endpoints to minimize the risk of exploitation. Filtering narrows what a crafted stream can reach but does not remove the flaw in the SDK itself; this record does not list a version containing a fix, so consult IBM's security bulletin for CVE-2022-40609 before relying on any workaround.
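The following is an added illustration of the filtering recommended above, written for this page; it is not IBM's code and does not model the vulnerable component. The class SerialFilterDemo, the stand-in type Unexpected and the ALLOWED set are constructed assumptions for an endpoint that expects an ArrayList of Integer; the java.io.ObjectInputFilter API shown is the Java 9+ form (on Java 8u121+ the equivalent lives in sun.misc.ObjectInputFilter, and the jdk.serialFilter property works on both).

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/**
 * Added example (not IBM's code): the generic unsafe readObject() pattern next to
 * an allow-list ObjectInputFilter (JEP 290) that refuses unexpected classes.
 */
public class SerialFilterDemo {

    // Constructed stand-in for "a class the attacker can reach through the stream".
    // It is not a gadget and does nothing dangerous; it is simply not on the allow-list.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        String note = "constructed sample";
    }

    // Hypothetical allow-list: the only types this endpoint legitimately needs.
    // java.lang.Number is included because it is Integer's serializable superclass
    // and its class descriptor is also passed through the filter.
    static final Set<String> ALLOWED = Set.of(
        "java.util.ArrayList", "java.lang.String", "java.lang.Integer", "java.lang.Number");

    // Vulnerable pattern: readObject() over attacker-controlled bytes with no filter,
    // so any serializable class on the classpath can be instantiated.
    static Object unsafeDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: a per-stream filter that rejects every class not on the allow-list
    // and caps graph depth, reference count and array length. Rejection happens while the
    // class descriptor is read, before the class is resolved or any constructor runs.
    static Object filteredDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = info -> {
            if (info.depth() > 8 || info.references() > 1_000 || info.arrayLength() > 10_000) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                // No class involved in this check (limits only); leave the decision open.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            String name = c.isArray() ? c.getComponentType().getName() : c.getName();
            return ALLOWED.contains(name) ? ObjectInputFilter.Status.ALLOWED
                                          : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    // Helper used only to build constructed sample streams for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new ArrayList<>(List.of(1, 2, 3)));  // what the endpoint expects
        byte[] bad = serialize(new Unexpected());                   // what it should refuse

        System.out.println("unfiltered, unexpected class: " + unsafeDeserialize(bad).getClass());
        System.out.println("filtered, expected class:     " + filteredDeserialize(good));
        try {
            filteredDeserialize(bad);
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected class:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

When the code that calls readObject() cannot be changed, the same allow-list can be applied JVM-wide at deployment time with a pattern such as -Djdk.serialFilter='java.util.ArrayList;java.lang.Integer;java.lang.Number;!*' (the trailing !* rejects everything not listed), and with a stream-specific filter taking precedence where one is set. Either form is defence in depth against crafted object streams rather than a replacement for the vendor fix.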
Weakness Enumeration
CWE-502: Deserialization of Untrusted Data
Related Identifiers
CVE-2022-40609
Affected Products
CentOS
IBM AIX
IBM SDK
Red Hat
SUSE