What is CVE-2020-4464?

CVE-2020-4464 is a critical vulnerability that allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere Application Server.

How severe is CVE-2020-4464?

CVE-2020-4464 is rated as critical with a severity score of 9.8 out of 10.

What is the affected software?

The affected software includes IBM WebSphere Application Server versions 7.0 to 9.0.

Is authentication required to exploit CVE-2020-4464?

No, authentication is not required to exploit CVE-2020-4464.

How can I fix CVE-2020-4464?

To fix CVE-2020-4464, apply the necessary patches provided by IBM and update to the latest version of IBM WebSphere Application Server.

Vulnerability/
CVE-2020-4464

critical

9.8

CWE

502

16/7/2020

4/8/2024

CVE-2020-4464: IBM WebSphere Application Server SOAP Deserialization of Untrusted Data Remote Code Execution Vulnerability

First published: Thu Jul 16 2020(Updated: )

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Websphere Application Server	>=7.0.0.0<=7.0.0.45
Ibm Websphere Application Server	>=8.0.0.0<=8.0.0.15
Ibm Websphere Application Server	>=8.5.0.0<=8.5.5.17
Ibm Websphere Application Server	>=9.0.0.0<=9.0.5.4
Ibm Websphere Application Server	<=9.0
Ibm Websphere Application Server	<=8.5
Ibm Websphere Application Server	<=8.0
Ibm Websphere Application Server	<=7.0

Remedy

https://www.ibm.com/support/pages/node/6250059

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6250059

Frequently Asked Questions

What is CVE-2020-4464?
CVE-2020-4464 is a critical vulnerability that allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere Application Server.
How severe is CVE-2020-4464?
CVE-2020-4464 is rated as critical with a severity score of 9.8 out of 10.
What is the affected software?
The affected software includes IBM WebSphere Application Server versions 7.0 to 9.0.
Is authentication required to exploit CVE-2020-4464?
No, authentication is not required to exploit CVE-2020-4464.
How can I fix CVE-2020-4464?
To fix CVE-2020-4464, apply the necessary patches provided by IBM and update to the latest version of IBM WebSphere Application Server.

collector/nvd-index
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/references
agent/severity
agent/last-modified-date
agent/weakness
agent/title
agent/author
agent/description
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-20-878
alias/ZDI-CAN-10767
alias/CVE-2020-4464
vendor/ibm
canonical/ibm websphere application server
version/ibm websphere application server/7.0.0.0
version/ibm websphere application server/7.0.0.45
version/ibm websphere application server/8.0.0.0
version/ibm websphere application server/8.0.0.15
version/ibm websphere application server/8.5.0.0
version/ibm websphere application server/8.5.5.17
version/ibm websphere application server/9.0.0.0
version/ibm websphere application server/9.0.5.4
version/ibm websphere application server/9.0
version/ibm websphere application server/8.5
version/ibm websphere application server/8.0
version/ibm websphere application server/7.0
canonical/ibm websphere