Response Guide of IBM WebSphere Code Execution Vulnerability

Response Guide of IBM WebSphere Code Execution Vulnerability

setembro 18, 2018 | Adeline Zhang

Recently IBM released a remote code execution vulnerability (CVE-2018-1567) in WebSphere application server. It could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources.

CVSS: 9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected versions:

  • IBM WebSphere 9.0.0.0 – 9.0.0.9
  • IBM WebSphere 8.5.0.0 – 8.5.5.14
  • IBM WebSphere 8.0.0.0 – 8.0.0.15
  • IBM WebSphere7.0.0.0 – 7.0.0.45

Unaffected versions:

  • IBM WebSphere 9.0.0.10 (not released)
  • IBM WebSphere 8.5.5.15 (not released)

Note:

WebSphere Application Server V7 and V8 are no longer in full support.

Vulnerability Detection and Remediation

Checking versions

Users can check whether the currently used version is affected or not. Detailed procedures are as follows:

Windows system:

Run the command line, enter the WebSphere installation directory and execute the following commands:

cd\bin

versionInfo.bat

Linux and Unix systems:

Run the command line, enter the WebSphere installation directory and execute the following commands:

cd /bin

./versionInfo.sh

You will see the version description in the returned result as below:

To check detailed version information, please refer to: http://www-01.ibm.com/support/docview.wss?uid=swg21393876

Fixing Vulnerability

The vendor has released  interim fixes for users. We recommend users to keep close attention to release of new versions for a long-term protection.

Version 9.0-9.0.0.9

Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sgc/0/9.0.0.4-ws-was-ifpi95973.zip

Installation procedures: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/9.0.0.8/readme.txt

Upgrade to: version 9.0.0.10 (to be released in Q4 2018)

Version 8.5-8.5.5.14

Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sga/1/8.5.5.11-ws-was-ifpi95973.zip

Installation procedures: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/8.5.5.14/readme.txt

Upgrade to: version 8.5.5.15 (to be released in Q1 2019)

Version 8.0-8.0.0.15

Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sgh/0/8.0.0.15-ws-was-ifpi95973.zip

Installation procedures:  ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/8.0.0.15/readme.txt

This version is no longer supported.

Version 7.0-7.0.0.45

Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sgb/0/7.0.0.45-ws-was-ifpi95973.pak

Installation procedures:  ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/7.0.0.45/readme.txt

This version is no longer supported.

Reference links:

https://www-01.ibm.com/support/docview.wss?uid=swg22016254

https://exchange.xforce.ibmcloud.com/vulnerabilities/143024