WebSphere

WebSphere XML External Entity Injection Vulnerability (CVE-2020-4643) Handling Guide

October 14, 2020

Vulnerability Description

Recently, IBM released a security bulletin to announce the fix of an XML external entity injection (XXE) vulnerability (CVE-2020-4643) on WebSphere Application Server (WAS). Since WAS fails to properly process XML data, a remote attacker could exploit this vulnerability to obtain sensitive information on the server.

The NSFOCUS security research team reported CVE-2020-4643 to IBM. CVE-2020-4643 can be used in combination with CVE-2020-4450 to trigger an XXE vulnerability that requires no authentication to exploit, thereby causing the disclosure of sensitive server information. The vulnerability is comparatively easy to exploit and involves high risks. Affected users should take preventive measures as soon as possible.

(more…)

WebSphere Remote Code Execution Vulnerability (CVE-2020-4534) Threat Alert

September 4, 2020

1. Vulnerability Description

On July 31, 2020, Beijing time, IBM released a security bulletin which addressed a remote code execution vulnerability (CVE-2020-4534) in WebSphere Application Server (WAS). The vulnerability is caused by improper handling of UNC paths. An authenticated local attacker could exploit the vulnerability to execute arbitrary code. The vulnerability has a CVSS score of 7.8.

(more…)

WebSphere Remote Code Execution Vulnerability (CVE-2020-4450) Threat Alert

June 19, 2020

Vulnerability Description

On June 5, Beijing time, IBM released a security advisory to announce the fix of a remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). This vulnerability is caused by deserialization of the IIOP protocol. An unauthenticated attacker could target the WAS server remotely via the IIOP protocol, causing arbitrary code execution on the target server to gain system privileges to take control of the server. This vulnerability is assigned the CVSS score of 9.8 and therefore is a high-risk one.

WebSphere Application Server is an enterprise-ready web middleware that is widely used in enterprises’ web services, thanks to its reliability, flexibility, and robustness. As this vulnerability has an extensive impact, affected users should take preventive measures as soon as possible.

(more…)

WebSphere Application Server Remote Code Execution Vulnerability (CVE-2020-4276 and CVE-2020-4362) Threat Alert

April 17, 2020

Overview

IBM released security advisories to announce the fix of two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) in WebSphere Application Server.

The two vulnerabilities exist when WebSphere uses token-based authentication in an admin request over the SOAP connector.

By sending a maliciously crafted request to WebSphere SOAP Connector, an attacker could execute arbitrary code on an affected server in an unauthorized way.

(more…)

WebSphere Arbitrary File Read Vulnerability (CVE-2019-4505) Threat Alert

October 14, 2019

  1. Vulnerability Description

On September 18, 2019, IBM officially released a security bulletin, disclosing an arbitrary file read vulnerability (CVE-2019-4505) in WebSphere (web service deployment middleware), which allows remote attackers to read sensitive files on the server via a crafted URL. This could result in attackers viewing any files in a certain directory, which may aid in further attacks. (more…)