First published: Fri Jun 05 2020
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM WebSphere Application Server | >=8.5.0.0, <8.5.5.18 | |
IBM WebSphere Application Server | >=9.0.0.0, <9.0.5.4 | |
IBM WebSphere Virtual Enterprise | =7.0 | |
IBM WebSphere Virtual Enterprise | =8.0 | |
IBM WebSphere Application Server ND | <=9.0 | |
IBM WebSphere Application Server ND | <=8.5 | |
IBM WebSphere Virtual Enterprise | <=8.0 | |
IBM WebSphere Virtual Enterprise | <=7.0 | |
IBM WebSphere |
CVE-2020-4448 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere.
No, authentication is not required to exploit CVE-2020-4448.
CVE-2020-4448 has a severity rating of 9.8 (Critical).
IBM WebSphere Application Server versions 8.5.0.0 to 8.5.5.18 and 9.0.0.0 to 9.0.5.4 are affected by CVE-2020-4448.
IBM has released patches to address CVE-2020-4448. Please refer to the IBM support pages for more information on obtaining and applying the patches.