IBM has disclosed a remote code execution vulnerability (CVE-2018-1567) in WebSphere Application Server. The SOAP connector deserializes Java objects received from untrusted sources, so a remote attacker who can reach the connector could send a crafted serialized object and execute arbitrary Java code on the server.
CVSS: 9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected versions:
- IBM WebSphere 9.0.0.0 – 9.0.0.9
- IBM WebSphere 8.5.0.0 – 8.5.5.14
- IBM WebSphere 8.0.0.0 – 8.0.0.15
- IBM WebSphere 7.0.0.0 – 7.0.0.45
Unaffected versions:
- IBM WebSphere 9.0.0.10 (not yet released)
- IBM WebSphere 8.5.5.15 (not yet released)
Note:
WebSphere Application Server V7 and V8 are no longer in full support.
Vulnerability Detection and Remediation
Checking versions
To check whether the installed version is affected, run the versionInfo tool that ships with WebSphere. The procedure is as follows:
Windows system:
Open a command prompt, change to the WebSphere installation directory (app_server_root) and run the following commands (note that `cd bin` is relative to the installation directory; `cd \bin` would switch to the root of the current drive instead):
cd bin
versionInfo.bat
Linux and Unix systems:
Open a shell, change to the WebSphere installation directory (app_server_root) and run the following commands (note that `cd bin` is relative to the installation directory; `cd /bin` would switch to the system's /bin instead):
cd bin
./versionInfo.sh
The output contains an "Installed Product" block whose "Version" line shows the installed release; compare that value against the affected ranges listed above.
To check detailed version information, please refer to: http://www-01.ibm.com/support/docview.wss?uid=swg21393876
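The following POSIX shell script is an added example, not part of IBM's advisory: it parses versionInfo output, reports whether the build lies in one of the affected ranges listed above, and checks whether the PI95973 interim fix is already listed. It embeds a constructed sample of the tool's "Installed Product" output so it runs offline; the layout of the "Installed Ifix" block produced by `versionInfo.sh -ifixes`, the fact that the fix appears there under its PI95973 ID, and the `WAS_HOME` variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the IBM advisory: parse versionInfo.sh/.bat output
# and decide whether the installed WebSphere build falls into a CVE-2018-1567
# affected range. Assumptions (not taken from the advisory):
#   - the "Installed Product" block has a "Version" line (the sample below is
#     constructed to mimic the tool's layout);
#   - `versionInfo.sh -ifixes` lists installed interim fixes and PI95973 shows
#     up with its ID in that listing;
#   - WAS_HOME, when set, points at the install root (app_server_root).

# Constructed sample: an unpatched 8.5.5.14 installation.
SAMPLE_OUTPUT='Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server
Version               8.5.5.14
ID                    BASE'

# Constructed sample: the same build after the interim fix was applied
# (the "Installed Ifix" block layout is assumed).
PATCHED_OUTPUT="$SAMPLE_OUTPUT
Installed Ifix
--------------------------------------------------------------------------------
ID                    8.5.5.11-ws-was-ifpi95973"

# Print the product version found in versionInfo output read from stdin
# (the first "Version" line after the "Installed Product" header).
was_version() {
    awk '/^Installed Product/ { p = 1 }
         p && $1 == "Version" { print $2; exit }'
}

# Exit 0 when the four-part version lies in an affected range:
#   7.0.0.0-7.0.0.45, 8.0.0.0-8.0.0.15, 8.5.0.0-8.5.5.14, 9.0.0.0-9.0.0.9
cve_2018_1567_affected() {
    v=$1
    oldifs=$IFS; IFS=.; set -- $v; IFS=$oldifs
    a=${1:-0}; b=${2:-0}; c=${3:-0}; d=${4:-0}
    case "$a.$b.$c" in
        7.0.0) [ "$d" -le 45 ] ;;
        8.0.0) [ "$d" -le 15 ] ;;
        8.5.*) [ "$c" -lt 5 ] || [ "$d" -le 14 ] ;;   # 8.5.0.x-8.5.4.x, then 8.5.5.0-8.5.5.14
        9.0.0) [ "$d" -le 9 ] ;;
        *)     return 1 ;;                             # outside the listed ranges
    esac
}

# Exit 0 when the PI95973 interim fix is listed in the output read from stdin.
has_pi95973_ifix() {
    grep -qi 'pi95973'
}

# Classify a versionInfo dump: unknown, unaffected, affected-patched or
# affected-unpatched.
classify() {
    out=$1
    ver=$(printf '%s\n' "$out" | was_version)
    if [ -z "$ver" ]; then
        echo "unknown"                      # no product version found in the dump
    elif ! cve_2018_1567_affected "$ver"; then
        echo "unaffected"
    elif printf '%s\n' "$out" | has_pi95973_ifix; then
        echo "affected-patched"
    else
        echo "affected-unpatched"
    fi
}

# On a real host, point WAS_HOME at the install root (assumed variable);
# otherwise the constructed sample is used so the script runs offline.
if [ -x "${WAS_HOME:-}/bin/versionInfo.sh" ]; then
    INPUT=$("$WAS_HOME/bin/versionInfo.sh" -ifixes)
else
    INPUT=$SAMPLE_OUTPUT
fi
echo "$(printf '%s\n' "$INPUT" | was_version): $(classify "$INPUT")"
```

Versions outside the four listed ranges (for example 6.x) are reported as "unaffected" only in the sense that the advisory does not list them; treat such builds as out of scope rather than as safe.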
Fixing Vulnerability
The vendor has released interim fixes for affected versions. Apply the interim fix for your fix pack level now, and watch for the upcoming fix pack releases, which are the long-term remediation.
Version 9.0-9.0.0.9
Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sgc/0/9.0.0.4-ws-was-ifpi95973.zip
Installation procedures: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/9.0.0.8/readme.txt
Upgrade to: version 9.0.0.10 (to be released in Q4 2018)
Version 8.5-8.5.5.14
Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sga/1/8.5.5.11-ws-was-ifpi95973.zip
Installation procedures: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/8.5.5.14/readme.txt
Upgrade to: version 8.5.5.15 (to be released in Q1 2019)
Version 8.0-8.0.0.15
Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sgh/0/8.0.0.15-ws-was-ifpi95973.zip
Installation procedures: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/8.0.0.15/readme.txt
This version is no longer supported.
Version 7.0-7.0.0.45
Interim fix: https://ak-delivery04-mul.dhe.ibm.com/sar/CMA/WSA/07sgb/0/7.0.0.45-ws-was-ifpi95973.pak
Installation procedures: ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI95973/7.0.0.45/readme.txt
This version is no longer supported.
Reference links:
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
https://exchange.xforce.ibmcloud.com/vulnerabilities/143024