Lucene search
IBME310185BE54E51CFF10493C7633774F32119E4171818C194880F59739AAA4089HistoryNov 18, 2020 - 8:31 p.m.
Security Bulletin: CVE-2019-10173CVE-2019-10173 xstream API If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands
2020-11-1820:31:41
www.ibm.com
16
0.942 High
EPSS
Percentile
99.2%
Summary
CVE-2019-10173 xstream API If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands
Vulnerability Details
CVEID:CVE-2019-10173
**DESCRIPTION:**xstream API could allow a remote attacker to execute arbitrary commands on the system, caused by insecure XML deserialization. By sending a specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164187 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| UCD - IBM UrbanCode Deploy | 6.2.7.4 |
| UCD - IBM UrbanCode Deploy | 6.2.7.3 |
| UCD - IBM UrbanCode Deploy | 7.0.4.0 |
| UCD - IBM UrbanCode Deploy | 7.0.3.0 |
| UCD - IBM UrbanCode Deploy | All |
Remediation/Fixes
Upgrade to 6.2.7.9, 7.0.5.4, 7.1.1.0 or later.
- https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=6.2.7.9-IBM-UrbanCode-Deploy&continue=1
- https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.5.4-IBM-UrbanCode-Deploy&continue=1
- https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.1.0.ifix01-IBM-UrbanCode-Deploy&continue=1
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm urbancode deploy | eq | 7.1.1.0 |
Related
checkpoint_advisories
checkpoint_advisories
XStream Library Insecure Deserialization (CVE-2019-10173)
2020-02-26 00:00:00
symantec
symantec
osv
osv
Deserialization of Untrusted Data and Code Injection in xstream
2019-07-26 16:09:47
CVE-2019-10173
2019-07-23 13:15:13
github
github
Deserialization of Untrusted Data and Code Injection in xstream
2019-07-26 16:09:47
ibm
ibm
redhatcve
redhatcve
CVE-2019-10173
2019-07-22 14:36:13
myhack58
myhack58
cve
cve
CVE-2019-10173
2019-07-23 13:15:13
cvelist
cvelist
CVE-2019-10173
2019-07-23 12:50:44
ubuntucve
ubuntucve
CVE-2019-10173
2019-07-23 00:00:00
debiancve
debiancve
CVE-2019-10173
2019-07-23 13:15:13
nvd
nvd
CVE-2019-10173
2019-07-23 13:15:13
prion
prion
Deserialization of untrusted data
2019-07-23 13:15:00
veracode
veracode
Remote Code Execution (RCE)
2019-07-23 05:16:12
nessus
nessus
Oracle Business Process Management Suite (Jan 2021 CPU)
2021-01-22 00:00:00
Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2020 CPU)
2020-11-03 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
0.942 High
EPSS
Percentile
99.2%
Related for E310185BE54E51CFF10493C7633774F32119E4171818C194880F59739AAA4089