First published: Tue Jan 31 2023(Updated: )
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM WebSphere Application Server Feature Pack for Web Services | <=9.0 | |
IBM WebSphere Application Server Feature Pack for Web Services | <=8.5 | |
IBM WebSphere Application Server Feature Pack for Web Services | =8.5 | |
IBM WebSphere Application Server Feature Pack for Web Services | =9.0 | |
HPE HP-UX | ||
IBM AIX | ||
IBM iSeries AS/400 | ||
IBM z/OS | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
Oracle Solaris and Zettabyte File System (ZFS) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-23477 is critical.
IBM WebSphere Application Server 8.5 and 9.0 are affected by CVE-2023-23477.
A remote attacker can exploit CVE-2023-23477 by sending a specially crafted sequence of serialized objects.
The IBM X-Force ID for CVE-2023-23477 is 245513.
You can find more information about CVE-2023-23477 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/245513), [Link 2](https://www.ibm.com/support/pages/node/6891111).