Overview Recently, NSFOCUS CERT detected that IBM issued a security bulletin to fix the WebSphere Application Server remote code execution vulnerability (CVE-2025-36038); Due to a flaw in WebSphere Application Server’ s validation of user-entered data, an unauthenticated attacker could execute arbitrary code on the target system by constructing malicious serialized...
Tag: IBM
IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2023-23477) Notice
Overview Recently, NSFOCUS CERT found that IBM officially fixed a remote code execution vulnerability in WebSphere Application Server (CVE-2023-23477). Due to the flaw in WebSphere Application Server's validation of the data entered by users, under certain conditions, unauthenticated remote attackers can finally execute arbitrary code on the target server by...
IBM Spectrum Protect Plus Directory Traversal and Arbitrary Code Execution Vulnerabilities (CVE-2020-4711, CVE-2020-4703) Threat Alert
Vulnerability Description On September 15, 2020, NSFOCUS detected that IBM released a security bulletin, which fixed directory traversal and arbitrary code execution vulnerabilities (CVE-2020-4711, CVE-2020-4703) in IBM Spectrum Protect Plus Administrative Console. The directory traversal vulnerability (CVE-2020-4711) exists in a script (/opt/ECX/tools/scripts/restore_wrapper.sh) within Spectrum Protect Plus. An unauthenticated attacker could...
