CVE-2020-4450

CVSS 9.8 CRITICAL | EPSS 33.9%

In short

IBM WebSphere Application Server versions 8.5 and 9.0 can be tricked into running malicious code if an attacker sends specially crafted data. This is dangerous because it gives attackers complete control over the server.

Technical detail

A deserialization vulnerability in IBM WebSphere Application Server 8.5 and 9.0 allows remote code execution when processing untrusted serialized Java objects. The attack requires network access to the application server and results in arbitrary code execution with the privileges of the WebSphere process.

Summary generated and translated by AI from the official description.
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.
CVSS:3.0/UI:N/AV:N/C:H/PR:N/AC:L/I:H/S:U/A:H/RL:O/E:U/RC:C
