CVE-2019-4279

CVSS 9 CRITICAL | EPSS 80.4%
In short

IBM WebSphere Application Server versions 8.5 and 9.0 can be tricked into running harmful code when processing specially crafted data from the internet. This allows an attacker to take complete control of the affected server.

Technical detail

The vulnerability exists in unsafe deserialization of untrusted serialized objects in IBM WebSphere Application Server 8.5 and 9.0. A remote attacker can craft malicious serialized payloads to achieve arbitrary code execution with the privileges of the application server process, without requiring prior authentication.

Summary generated and translated by AI from the official description.
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
CVSS:3.0/S:C/A:H/AC:H/I:H/C:H/AV:N/PR:N/UI:N/RL:O/RC:C/E:U
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
