A Vulnerability in IBM WebSphere Application Server Could Allow for Remote Code Execution

ITS Advisory Number: 2016-165
Date(s) Issued: Monday, September 26, 2016
Subject: A Vulnerability in IBM WebSphere Application Server Could Allow for Remote Code Execution
Overview: 

A vulnerability has been discovered in IBM WebSphere Application Server that can result in remote code execution. IBM WebSphere Application Server is a software framework that hosts Java-based web applications. Successful exploitation could allow an unauthenticated attacker to take control of the affected system and perform unauthorized actions.

Systems Affected: 

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Liberty
  • Version 7.0.0.41 and prior
  • Version 8.0.0.12 and prior
  • Version 8.5.5.10 and prior
  • Version 9.0.0.1 and prior
RISK
GOVERNMENT
  Large and medium government entities: High
  Small government entities: Low
BUSINESS
  Large and medium business entities: High
  Small business entities: Low
Home Users: N/A
Description: 

IBM WebSphere Application Server is prone to a remote code execution vulnerability caused by deserializing Java objects received from untrusted sources. A remote attacker who can deliver a crafted serialized object to the server can execute arbitrary Java code inside the server process, and from there arbitrary commands on the host operating system with the privileges of the account running WebSphere (root, where the server runs as root). Successful exploitation could allow an unauthenticated attacker to take control of the affected system and perform unauthorized actions.
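
The weakness class described above is a server that calls readObject() on bytes a client controls. The following Java program, added here as an illustration and not taken from this advisory or from IBM's fix, contrasts an unrestricted ObjectInputStream with a look-ahead variant that refuses to resolve any class not on an explicit allow-list, and includes a check for the serialization stream header that a WAF or IDS rule can key on. The OrderRequest class, the allow-list contents and the two sample payloads are constructed for the example; the HashMap payload merely stands in for an attacker's gadget chain and is harmless.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.ObjectStreamConstants;
import java.io.Serializable;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;

/** Added example (not IBM's code): unrestricted vs. allow-listed Java deserialization. */
public class SafeDeserializationDemo {

    /** Hypothetical DTO that this endpoint legitimately expects from clients. */
    public static final class OrderRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String sku;
        final int quantity;
        OrderRequest(String sku, int quantity) { this.sku = sku; this.quantity = quantity; }
    }

    /**
     * Look-ahead deserialization: resolveClass() runs before any instance is created,
     * so an unexpected class is rejected before its readObject() side effects can fire.
     */
    public static final class SafeObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        public SafeObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on deserialization allow-list");
            }
            return super.resolveClass(desc);
        }
    }

    /** Vulnerable pattern: whatever the client sent gets deserialized. */
    static Object unsafeDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    /** Hardened pattern: only classes named in the allow-list may be loaded. */
    static Object safeDeserialize(byte[] data, Set<String> allowed) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new SafeObjectInputStream(new ByteArrayInputStream(data), allowed)) {
            return in.readObject();
        }
    }

    /** Java serialization streams begin with AC ED 00 05 ("rO0AB" in base64); a cheap IDS/WAF trigger. */
    public static boolean looksLikeSerializedObject(byte[] data) {
        if (data.length < 4) return false;
        int magic = ((data[0] & 0xff) << 8) | (data[1] & 0xff);
        int version = ((data[2] & 0xff) << 8) | (data[3] & 0xff);
        return magic == (ObjectStreamConstants.STREAM_MAGIC & 0xffff)
                && version == (ObjectStreamConstants.STREAM_VERSION & 0xffff);
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = new HashSet<>(Arrays.asList(OrderRequest.class.getName()));

        // Constructed payloads: one the endpoint expects, one it has no reason to accept.
        byte[] expected = serialize(new OrderRequest("SKU-42", 3));
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("header check: " + looksLikeSerializedObject(expected));

        // The unrestricted stream instantiates anything, including the stand-in gadget.
        System.out.println("unsafe accepted: " + unsafeDeserialize(unexpected).getClass().getName());

        // The allow-listed stream accepts the DTO and rejects everything else.
        OrderRequest req = (OrderRequest) safeDeserialize(expected, allowed);
        System.out.println("safe accepted: " + req.sku + " x" + req.quantity);
        try {
            safeDeserialize(unexpected, allowed);
        } catch (InvalidClassException e) {
            System.out.println("safe rejected: " + e.classname + " (" + e.getMessage() + ")");
        }
    }
}
```

The resolveClass() override is shown because it works on the Java 6 and 7 runtimes bundled with the affected WebSphere 7.0 and 8.0 releases. On Java 9 and later (and Java 8 from update 121), the same policy is better expressed with the standard ObjectInputFilter API or the jdk.serialFilter system property, which also bound stream depth and array sizes. An allow-list that names only the application's own DTOs is the goal; deny-listing known gadget classes is not sufficient, since new chains keep being found.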

Actions: 
  • After appropriate testing, install the updates IBM releases for the affected versions.
  • Until a fixed release is available, and after appropriate testing, apply interim fix PI62375 to vulnerable versions. Installation instructions can be found at the following URL: http://www-01.ibm.com/support/docview.wss?uid=swg24042712
  • Before applying the fix, verify that no unauthorized modifications have already been made to the system.
  • Monitor intrusion detection systems for any signs of anomalous activity.