IBM recently issued a security notice fixing a remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). The vulnerability is caused by deserialization over the IIOP protocol. An attacker can reach the WAS server remotely over IIOP, execute arbitrary code on the target server, obtain system permissions, and then take over the server. The CVSS score is 9.8, and the vulnerability risk is relatively high.
WebSphere Application Server is a software product that performs the role of a web application server. More specifically, it is a software framework and middleware that hosts Java-based web applications. It is the flagship product within IBM’s WebSphere software suite.
- WebSphere Application Server 18.104.22.168 – 22.214.171.124
- WebSphere Application Server 126.96.36.199 – 188.8.131.52
- WebSphere Application Server 184.108.40.206 – 220.127.116.11
- WebSphere Application Server 18.104.22.168 – 22.214.171.124
IBM has released a patch that fixes the vulnerability, and a security patch is also provided for versions that have been discontinued. Affected users should install the patch as soon as possible for protection.