CVE-2020-4589: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 – RCE Vulnerability

Virsec Security Research Lab Vulnerability Report

The Virsec Security Research Lab, helmed by Virsec CTO, Satya Gupta, provides timely, relevant analysis about prevalent security vulnerabilities.

1.1        Vulnerability Summary

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects from an untrusted source. The vulnerability exists because serialized data is processed without adequate validation: the server deserializes the attacker-supplied object graph, so a remote attacker who can pass specially crafted data to the application can execute arbitrary code on the target system. As IBM notes, the vulnerability only occurs if an undocumented customization has been applied by an administrator.
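The root cause described above is the generic Java deserialization pattern: calling readObject() on bytes an attacker controls lets any serializable class on the server's classpath be instantiated, and its readObject() hooks run, before the application ever checks what it received. The following is an added illustration of that pattern and two hardened readers; it is example code written for this page, not WebSphere or IBM code, and the SessionToken class and the HashMap "hostile" payload are constructed stand-ins (no real gadget chain is included). The filter-based reader assumes a runtime with java.io.ObjectInputFilter (JEP 290: Java 9+, backported to 8u121+); the resolveClass look-ahead works on older JVMs.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.HashMap;

// Added example (not WebSphere/IBM code): unsafe deserialization beside two
// hardened readers. SessionToken is a hypothetical application type.
public class DeserializationDemo {

    // The only type the application legitimately expects on the wire.
    public static final class SessionToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        SessionToken(String user) { this.user = user; }
    }

    // VULNERABLE: deserializes whatever the client sent. Every class named in
    // the stream is loaded and instantiated, and its readObject() runs, before
    // the caller's cast is ever evaluated.
    static Object readUnsafe(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // HARDENED (Java 9+ / 8u121+): JEP 290 allow-list filter. Only SessionToken
    // (plus String for its field) is accepted; "!*" rejects everything else,
    // and the limits bound graph depth, reference count and stream size.
    static SessionToken readFiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        String pattern = SessionToken.class.getName()
                + ";java.lang.String;!*;maxdepth=5;maxrefs=50;maxbytes=4096";
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(filter);
            return (SessionToken) in.readObject();
        }
    }

    // HARDENED (any JVM): look-ahead check. resolveClass() is called for each
    // class descriptor as it is read, so unexpected classes are refused before
    // the JVM allocates them or runs any of their deserialization hooks.
    static SessionToken readLookAhead(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                if (!SessionToken.class.getName().equals(desc.getName())) {
                    throw new InvalidClassException("unauthorized class in stream", desc.getName());
                }
                return super.resolveClass(desc);
            }
        }) {
            return (SessionToken) in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new SessionToken("alice"));
        // Constructed stand-in for an attacker payload: any class the app did
        // not expect. A real payload would name a gadget class instead.
        byte[] hostile = serialize(new HashMap<String, String>());

        System.out.println("filtered legit  -> user=" + readFiltered(legit).user);
        System.out.println("unsafe hostile  -> " + readUnsafe(hostile).getClass().getName()
                + " (instantiated before any check)");
        try {
            readFiltered(hostile);
        } catch (InvalidClassException e) {
            System.out.println("filtered hostile rejected: " + e.getMessage());
        }
        try {
            readLookAhead(hostile);
        } catch (InvalidClassException e) {
            System.out.println("look-ahead hostile rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac DeserializationDemo.java && java DeserializationDemo`. The point to take from it: the unsafe reader returns a fully constructed HashMap, so with a gadget class in its place the code would already have executed; both hardened readers throw InvalidClassException before that happens. A process-level filter (the `jdk.serialFilter` system property) gives the same protection to code paths, such as framework or vendor customizations, that you cannot edit.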


1.2        CVSS Score

The CVSS Base Score is 9.8 (Critical)

1.3        Affected Version

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0.

1.4        Vulnerability Attribution

As per IBM, this vulnerability was reported to IBM by Kylinking of NSFOCUS Security Team.

1.5        Risk Impact

IBM WebSphere Application Server is a set of Java-based tools designed for network administrators, web developers, and software engineers. It enables users to develop and host Java-based web applications, build and manage websites, and manage multiple technologies in a single interface. According to HG Insights, WebSphere is used for high-traffic deployments across industries such as banking, healthcare, and software vendors. The adoption graph by industry from that source is reproduced below; most of the high-traffic companies it lists use WebSphere.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, affecting the confidentiality, integrity, and availability of these critical machines. No publicly available exploit is known for this vulnerability.

1.6        Virsec Security Platform (VSP) Support:

VSP-Host monitors spawned processes and compares them against a whitelist of expected processes. Any attempt to execute a new command or an unknown binary, such as a payload launched after a successful deserialization attack, is denied by VSP-Host's Process Monitoring capability.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.



*** This is a Security Bloggers Network syndicated blog from Blog – Virsec Systems authored by Satya Gupta. Read the original post at: https://virsec.com/cve-2020-4589-ibm-websphere-application-server-7-0-8-0-8-5-and-9-0-rce-vulnerability/