A vulnerability has been discovered in IBM WebSphere Application Server that can result in remote code execution. IBM WebSphere Application Server is a software framework that hosts Java-based web applications. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
- Version 126.96.36.199 and prior
- Version 188.8.131.52 and prior
- Version 184.108.40.206 and prior
- Version 220.127.116.11 and prior
IBM WebSphere is prone to a remote code execution vulnerability. This vulnerability could allow remote attackers to execute Java code by supplying a serialized object from an untrusted source. Attackers can exploit this issue to execute code remotely on the host operating system with root privileges. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.
- After appropriate testing, install updates once released by IBM.
- After appropriate testing, apply interim fix PI62375 to vulnerable versions of the software until a patch is released by IBM. Installation instructions can be found at the following URL: http://www-01.ibm.com/support/docview.wss?uid=swg24042712
- Verify that no unauthorized system modifications have occurred on the system before applying the patch.
- Monitor intrusion detection systems for any signs of anomalous activity.
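To support the monitoring step, the following added example (not part of the advisory and not IBM code) flags Java serialization stream headers in captured request bodies, both raw and base64-encoded, and reports the first class name for triage. It assumes the bodies are already available as bytes; the sample payloads and the `sample_stream` helper are constructed for illustration and say nothing about how this particular flaw is reached.

```python
import base64
import re
import struct

STREAM_HEADER = bytes.fromhex("aced0005")  # STREAM_MAGIC (0xACED) + STREAM_VERSION (5)
B64_RUN = re.compile(rb"rO0AB[A-Za-z0-9+/]*")  # same header at the start of base64 text
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72


def top_level_class(stream: bytes):
    """Return the first class name declared in a serialization stream, or None."""
    if len(stream) < 8 or stream[4] != TC_OBJECT or stream[5] != TC_CLASSDESC:
        return None
    (length,) = struct.unpack(">H", stream[6:8])
    name = stream[8:8 + length]
    return name.decode("utf-8", "replace") if len(name) == length else None


def scan(payload: bytes):
    """Return (encoding, offset, class_name) for each serialization header found."""
    findings = []
    pos = payload.find(STREAM_HEADER)
    while pos != -1:
        findings.append(("raw", pos, top_level_class(payload[pos:])))
        pos = payload.find(STREAM_HEADER, pos + 1)
    for match in B64_RUN.finditer(payload):
        text = match.group()
        # Drop a partial final base64 quantum so decoding cannot fail.
        decoded = base64.b64decode(text[: len(text) // 4 * 4])
        findings.append(("base64", match.start(), top_level_class(decoded)))
    return findings


def sample_stream(class_name: str) -> bytes:
    """Constructed, truncated stream: header, object tag, class name, zeroed UID."""
    name = class_name.encode()
    return (STREAM_HEADER + bytes([TC_OBJECT, TC_CLASSDESC])
            + struct.pack(">H", len(name)) + name + bytes(8))


if __name__ == "__main__":
    stream = sample_stream("java.util.HashMap")  # constructed sample input
    for body in (b"POST /app HTTP/1.1\r\n\r\n" + stream,
                 b"token=" + base64.b64encode(stream),
                 b"GET /index.html HTTP/1.1\r\n\r\n"):
        print(scan(body))
```

A hit only shows that a serialized Java object was sent; whether that is expected depends on the interface that received it.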