Tag: WebSphere

Vulnerability Description Recently, IBM released a security bulletin to announce the fix of an XML external entity injection (XXE) vulnerability (CVE-2020-4643) on WebSphere Application Server (WAS). Since WAS fails to properly process XML data, a remote attacker could exploit this vulnerability to obtain sensitive information on the server. The NSFOCUS...

1. Vulnerability Description On July 31, 2020, Beijing time, IBM released a security bulletin which addressed a remote code execution vulnerability (CVE-2020-4534) in WebSphere Application Server (WAS). The vulnerability is caused by improper handling of UNC paths. An authenticated local attacker could exploit the vulnerability to execute arbitrary code. The...

Vulnerability Description On June 5, Beijing time, IBM released a security advisory to announce the fix of a remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). This vulnerability is caused by deserialization of the IIOP protocol. An unauthenticated attacker could target the WAS server remotely via the IIOP...

Overview IBM released security advisories to announce the fix of two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) in WebSphere Application Server. The two vulnerabilities exist when WebSphere uses token-based authentication in an admin request over the SOAP connector. By sending a maliciously crafted request to WebSphere SOAP Connector, an...

Vulnerability Description On September 18, 2019, IBM officially released a security bulletin, disclosing an arbitrary file read vulnerability (CVE-2019-4505) in WebSphere (web service deployment middleware), which allows remote attackers to read sensitive files on the server via a crafted URL. This could result in attackers viewing any files in a...