IBM WebSphere RCE Java Deserialization Vulnerability

Description
  • An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere Application Server and WebSphere Application Server Hypervisor Edition. This vulnerability does not affect the IBM HTTP Server or versions of WebSphere Application Server prior to Version 7.0. A remote attacker can execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
Remediation
  • Upgrade to the latest version of IBM WebSphere.
References