A Vulnerability in IBM WebSphere Application Server Could Allow for Remote Code Execution
MS-ISAC ADVISORY NUMBER:2016-146
A vulnerability has been discovered in IBM WebSphere Application Server that can result in remote code execution. IBM WebSphere Application Server is a software framework that hosts Java based web applications. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.
There are currently no reports of these vulnerabilities being exploited in the wild.
- IBM WebSphere Application Server Liberty
- IBM WebSphere Application Server Version 18.104.22.168 and prior
- IBM WebSphere Application Server Version 22.214.171.124 and prior
- IBM WebSphere Application Server Version 126.96.36.199 and prior
- IBM WebSphere Application Server Version 188.8.131.52 and prior
- Large and medium government entities: HIGH
- Small government entities: LOW
- Large and medium business entities: HIGH
- Small business entities: LOW
IBM WebSphere is prone to a remote code execution vulnerability. This vulnerability could allow remote attackers to execute Java code with a serialized object from untrusted sources. Attackers can exploit this issue to execute remote code on the host operating system with the privileges of root. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.
We recommend the following actions be taken:
• Install updates once released by IBM after appropriate testing.
• Apply interim fix PI62375 to vulnerable version of software until a patch is released by IBM. Installation instructions can be found at the following URL: http://www-01.ibm.com/support/docview.wss?uid=swg24042712
• Verify no unauthorized system modifications have occurred on system before applying patch.
• Monitor intrusion detection systems for any signs of anomalous activity.
• Unless required, limit external network access to affected products.