
A Vulnerability in IBM WebSphere Application Server Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2016-146

DATE(S) ISSUED:

09/26/2016

OVERVIEW:

A vulnerability has been discovered in IBM WebSphere Application Server that can result in remote code execution. IBM WebSphere Application Server is a software framework that hosts Java-based web applications. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • IBM WebSphere Application Server Liberty
  • IBM WebSphere Application Server Version 7.0.0.41 and prior
  • IBM WebSphere Application Server Version 8.0.0.12 and prior
  • IBM WebSphere Application Server Version 8.5.5.10 and prior
  • IBM WebSphere Application Server Version 9.0.0.1 and prior

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: LOW
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: LOW
Home Users:
N/A

TECHNICAL SUMMARY:

IBM WebSphere is prone to a remote code execution vulnerability. This vulnerability could allow remote attackers to execute Java code by means of a serialized object from an untrusted source. Attackers can exploit this issue to execute remote code on the host operating system with the privileges of root. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.

RECOMMENDATIONS:

We recommend the following actions be taken:

• Install updates once released by IBM after appropriate testing.
• Apply interim fix PI62375 to vulnerable versions of the software until a patch is released by IBM. Installation instructions can be found at the following URL: http://www-01.ibm.com/support/docview.wss?uid=swg24042712
• Verify that no unauthorized system modifications have occurred on the system before applying the patch.
• Monitor intrusion detection systems for any signs of anomalous activity.
• Unless required, limit external network access to affected products.
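
To prioritize the actions above across many hosts, the following added example (not part of the original advisory and not IBM tooling) classifies each host's version inventory text against the affected releases and interim fix PI62375. The inventory format (a `Version a.b.c.d` line, with installed interim fix names appearing in the same text), the host names and the sample values are constructed assumptions.

```python
import re

# Highest affected release per branch, from SYSTEMS AFFECTED ("and prior").
AFFECTED_MAX = {(7, 0): (7, 0, 0, 41), (8, 0): (8, 0, 0, 12),
                (8, 5): (8, 5, 5, 10), (9, 0): (9, 0, 0, 1)}
INTERIM_FIX = "PI62375"  # interim fix named in RECOMMENDATIONS
# Assumed inventory format: one line reading "Version a.b.c.d".
VERSION_RE = re.compile(r"^\s*Version\s+(\d+(?:\.\d+){1,3})\s*$", re.MULTILINE)

# Constructed sample inventory text, keyed by hypothetical host name.
SAMPLES = {
    "app01": "Name     IBM WebSphere Application Server\nVersion  8.5.5.9\n",
    "app02": "Name     IBM WebSphere Application Server\nVersion  8.5.5.10\n"
             "Installed interim fix: PI62375\n",
    "app03": "Name     IBM WebSphere Application Server\nVersion  8.5.5.11\n",
    "app04": "Name     WebSphere Application Server Liberty\nVersion  16.0.0.2\n",
}


def parse_version(text):
    """Return the first 'Version' line as a 4-tuple of ints, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(text):
    """Return 'review', 'unknown', 'not-listed', 'ifix-present' or 'affected'."""
    # The advisory lists Liberty without a version bound: always review by hand.
    if re.search(r"\bLiberty\b", text, re.IGNORECASE):
        return "review"
    version = parse_version(text)
    if version is None:
        return "unknown"
    ceiling = AFFECTED_MAX.get(version[:2])
    if ceiling is None or version > ceiling:
        return "not-listed"  # outside the advisory's list, not proof of safety
    # Whole-word match so a longer identifier does not count as the fix.
    if re.search(rf"\b{INTERIM_FIX}\b", text):
        return "ifix-present"
    return "affected"


if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(f"{host}: {triage(text)}")
```

Hosts reported as `affected` are the ones that still need the interim fix or an update; `not-listed` only means the version falls outside the list in this advisory.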
