The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of IBM WebSphere Application Server: code execution via serialized objects

Synthesis of the vulnerability

An attacker can send crafted serialized objects to IBM WebSphere Application Server, which deserializes them without restricting the classes involved, in order to run code.
Severity of this computer vulnerability: 3/4.
Creation date: 23/09/2016.
References of this announcement: 1990060, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991898, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1995390, 1999671, 2000095, 2000544, 2002049, 2002050, 7014463, 7048591, CVE-2016-5983, VIGILANCE-VUL-20686.

Description of the vulnerability

The IBM WebSphere Application Server runs on a Java virtual machine.

It can load serialized objects from external sources. However, it likely does not restrict which classes may be instantiated while an object is deserialized, so any class available on the server's classpath can be brought into play by the stream, before the application ever casts or inspects the result.

An attacker who can reach such an endpoint can therefore send a crafted serialized object to IBM WebSphere Application Server, in order to run code with the privileges of the server process.

This vulnerability note affects software or systems such as Security Directory Server, Tivoli Directory Server, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional.

Our Vigil@nce team determined that the severity of this vulnerability note is important (3/4).

The trust level is "confirmed by the vendor", and the attack origin is an internet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.

Solutions for this threat

IBM WebSphere Application Server: version 9.0.0.2.
The version 9.0.0.2 is fixed:
  http://www.ibm.com/support/docview.wss?uid=swg24042989

IBM WebSphere Application Server: version 7.0.0.43.
The version 7.0.0.43 is fixed.

IBM WebSphere Application Server: patch for serialized objects.
A patch is indicated in information sources for each active branch, from 7.x to 9.x.

IBM BigFix Remote Control: solution.
The solution is indicated in information sources.
See also the bulletin VIGILANCE-SOL-52145.

IBM Cognos Analytics: solution.
The solution is indicated in information sources.

IBM Cognos Business Intelligence: solution.
The solution is indicated in information sources.

IBM Security Directory Suite: fixed versions for WebSphere AS.
Fixed versions are indicated in information sources.

IBM Security/Tivoli Directory Server: solution for Websphere AS.
The solution is indicated in information sources.

IBM Tivoli System Automation Application Manager: solution for WebSphere AS.
The solution is indicated in information sources.

IBM Tivoli Workload Scheduler: patch for WebSphere AS.
A patch is indicated in information sources.