CVE-2018-1567: IBM WebSphere Application Server Remote Code Execution Vulnerability

Recently, IBM released a security bulletin describing a potential remote code execution vulnerability in WebSphere Application Server (CVE-2018-1567). An attacker can construct a malicious serialized object and then execute arbitrary Java code through a SOAP connector.

Affected version

IBM WebSphere Application Server:

  • Version 9.0
  • Version 8.5
  • Version 8.0
  • Version 7.0

Unaffected version

  • Version >= 9.0.0.10
  • Version >= 8.5.5.15

Solution

IBM has released new versions that fix the above vulnerability. Affected users should upgrade as soon as possible.

Users can upgrade by applying the interim fix, Fix Pack or PTF containing APAR PI95973. For details, please refer to the Remediation/Fixes section of the official description.
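The following Python sketch is an added example, not code from IBM or the original page. It triages a constructed inventory of WebSphere version strings against the fixed levels listed under "Unaffected version". The hostnames and helper names are hypothetical. Versions are compared per release stream, because 9.0.0.9 sorts above 8.5.5.15 yet is still affected.

```python
import re

# First fixed fix-pack level per release stream, as listed on this page.
FIXED = {(9, 0): (9, 0, 0, 10), (8, 5): (8, 5, 5, 15)}
# Streams the page lists as affected without naming a fixed fix pack;
# these rely on the interim fix for APAR PI95973.
AFFECTED_NO_FIXPACK = {(8, 0), (7, 0)}


def parse_version(text):
    """Return a 4-tuple of ints for a 'V.R.M.F' string, or None if malformed."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Classify one version string against this advisory's fixed levels."""
    v = parse_version(text)
    if v is None:
        return "unknown"                  # do not guess at partial versions
    stream = v[:2]
    if stream in FIXED:
        # Compare only within the same stream, never across streams.
        return "fixed" if v >= FIXED[stream] else "affected"
    if stream in AFFECTED_NO_FIXPACK:
        return "affected-interim-fix"
    return "not-listed"                   # stream not covered by this page


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "was-a.example.internal": "9.0.0.9",
    "was-b.example.internal": "9.0.0.10",
    "was-c.example.internal": "8.5.5.14",
    "was-d.example.internal": "8.0.0.15",
    "was-e.example.internal": "8.5.5",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}\t{INVENTORY[host]}\t{status}")
```

A host reported as "affected" may already carry the interim fix for PI95973. The fix-pack level alone does not show that, so confirm the installed fixes on those hosts.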