Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7E1AD56C932EE6022D560B647F3D701B90E917C8D245F2619F30EAFAE93014A2
HistoryJun 15, 2018 - 7:04 a.m.

Security Bulletin: Vulnerability in Apache Commons affects WebSphere eXtreme Scale (CVE-2015-7450)

2018-06-1507:04:12
www.ibm.com
11

EPSS

0.97

Percentile

99.8%

JSON

Summary

An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere eXtreme Scale.

Vulnerability Details

CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

WebSphere eXtreme Scale 7.1.0

WebSphere eXtreme Scale 7.1.1

WebSphere eXtreme Scale 8.5

WebSphere eXtreme Scale 8.6

Remediation/Fixes

<Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
WebSphere eXtreme Scale| 7.1.0| PI52470| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.0.3&platform=All&function=all
WebSphere eXtreme Scale| 7.1.1| PI52487| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.1.1&platform=All&function=all
WebSphere eXtreme Scale| 8.5.0| PI52487| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=8.5.0.3&platform=All&function=all
WebSphere eXtreme Scale| 8.6| PI52487| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=8.6.0.8&platform=All&function=all

Workarounds and Mitigations

No workaround exists. If you are running WebSphere eXtreme Scale clients or servers, apply the appropriate fix from the previous table. If you are running WebSphere eXtreme Scale clients or servers that are embedded in WebSphere Application Server, apply also the appropriate fix for WebSphere Application Server, which is described here: _<https://www-304.ibm.com/support/docview.wss?uid=swg21962931&gt;_

Related

checkpoint_advisories 1
ibm 128
nessus 1
saint 4
nuclei 1
attackerkb 1
metasploit 1
cvelist 1
exploitdb 1
cve 1
openvas 2
prion 1
cisa_kev 1
nvd 1
zdt 1
packetstorm 1
myhack58 1
thn 1
threatpost 1
veracode 1
cisa 1
impervablog 1
checkpoint_advisories
checkpoint_advisories
IBM WebSphere Application Server Commons-Collections Library Remote Code Execution (CVE-2015-7450)
2015-11-25 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2015-7450)
2018-06-17 15:13:52
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2015-7450)
2018-07-10 08:34:12
Security Bulletin: A security vulnerability has been identified in Tivoli Common Reporting shipped with IBM Systems Director Editions.(CVE-2015-7450)
2018-06-18 01:30:23
nessus
nessus
IBM WebSphere Java Object Deserialization RCE
2015-12-02 00:00:00
saint
saint
IBM WebSphere Management Server Apache Commons
2016-02-03 00:00:00
IBM WebSphere Management Server Apache Commons
2016-02-03 00:00:00
IBM WebSphere Management Server Apache Commons
2016-02-03 00:00:00
nuclei
nuclei
IBM WebSphere Java Object Deserialization - Remote Code Execution
2021-09-01 15:13:55
attackerkb
attackerkb
CVE-2015-7450
2016-01-02 00:00:00
metasploit
metasploit
IBM WebSphere RCE Java Deserialization Vulnerability
2017-03-13 06:22:24
cvelist
cvelist
CVE-2015-7450
2016-01-02 21:00:00
exploitdb
exploitdb
IBM WebSphere - RCE Java Deserialization (Metasploit)
2017-03-15 00:00:00
cve
cve
CVE-2015-7450
2016-01-02 21:59:15
openvas
openvas
IBM WebSphere Application Server Remote Code Execution Vulnerability (Active Check)
2016-07-29 00:00:00
IBM WebSphere Application Server Unserialize Vulnerability
2015-11-17 00:00:00
prion
prion
Design/Logic Flaw
2016-01-02 21:59:00
cisa_kev
cisa_kev
IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
2022-01-10 00:00:00
nvd
nvd
CVE-2015-7450
2016-01-02 21:59:15
zdt
zdt
IBM WebSphere Remote Code Execution Java Deserialization Exploit
2017-03-15 00:00:00
packetstorm
packetstorm
IBM WebSphere Remote Code Execution Java Deserialization
2017-03-14 00:00:00
myhack58
myhack58
The use of server vulnerability mining black production case study-vulnerability warning-the black bar safety net
2017-03-15 00:00:00
thn
thn
Researchers Uncover Hacker Group Behind Organized Financial-Theft Operation
2022-01-05 13:40:00
threatpost
threatpost
‘Elephant Beetle’ Lurks for Months in Networks
2022-01-05 22:18:28
veracode
veracode
Potential Remote Code Execution Via Java Object Deserialization
2015-11-09 19:34:22
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-01-10 00:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08

EPSS

0.97

Percentile

99.8%

JSON
Related for 7E1AD56C932EE6022D560B647F3D701B90E917C8D245F2619F30EAFAE93014A2
checkpoint_advisories1ibm128nessus1saint4nuclei1attackerkb1metasploit1cvelist1exploitdb1cve1openvas2prion1cisa_kev1nvd1zdt1packetstorm1myhack581thn1threatpost1veracode1cisa1impervablog1