WebSphere Application Server Remote Code Execution Vulnerability (CVE-2025-36038)
July 1, 2025
Overview Recently, NSFOCUS CERT detected that IBM issued a security bulletin to fix the WebSphere Application Server remote code execution vulnerability (CVE-2025-36038); Due to a flaw in WebSphere Application Server’ s validation of user-entered data, an unauthenticated attacker could execute arbitrary code on the target system by constructing malicious serialized data. CVSS score 9.0, please […]
WebSphere Application Server High-Risk Remote Code Execution Vulnerability (CVE-2020-4450) Threat Alert
August 25, 2020
Overview
On June 5, Beijing time, IBM released a security bulletin to announce the fix of a high-risk remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). This vulnerability was caused by deserialization of the Internet Inter-ORB Protocol (IIOP). It is assigned the CVSS base score of 9.8 and therefore is a high-risk one with an extensive impact.
(more…)