CVE-2018-1567: IBM WebSphere Application Server Remote Code Execution Vulnerability
Recently, IBM released a security bulletin describing a potential remote code execution vulnerability in WebSphere Application Server (CVE-2018-1567). An attacker can construct a malicious serialized object and then execute arbitrary Java code through the SOAP connector.
Affected versions
IBM WebSphere Application Server:
- Version 9.0
- Version 8.5
- Version 8.0
- Version 7.0
Unaffected versions
- Version >= 9.0.0.10
- Version >= 8.5.5.15
Solution
IBM has released a new version that fixes the above vulnerability; affected users should upgrade as soon as possible.
Users can upgrade by applying the interim fix, Fix Pack or PTF containing APAR PI95973. For details, refer to the Remediation/Fixes section of the official description.