Overview
- Description
- Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
- Exploit added on
- Jan 10, 2022
- Exploit action due
- Jul 10, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8"
},
{
"criteria": "cpe:2.3:a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8597A678-3633-4F5D-95A9-5AAB168F92B7"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F56C076E-A4FB-432F-A7CB-0C37CDEC94C0"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "393AB012-4F9C-4893-827E-4480AEC16DE5"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A792593C-B2D4-425D-9EC4-3581A77474B5"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A1B8DFB-2004-4449-A4A7-802662D571EB"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1938833-B19E-4DF2-8E2C-E2ADE876D44B"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DBE91DF-8844-4ADB-AC02-839305F82B0F"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BED14B09-F9FF-4DB4-9404-0D3A2BAC7FDD"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D680D54-EE53-4658-98E1-64F316D23177"
},
{
"criteria": "cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18D82CA9-8AFE-44FF-956C-F2B8E42B3EB4",
"versionEndIncluding": "3.0.0.6",
"versionStartIncluding": "3.0"
},
{
"criteria": "cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B22F02C8-BF16-4202-82B7-E167E0F6FC75",
"versionEndIncluding": "3.5.0.3",
"versionStartIncluding": "3.5"
},
{
"criteria": "cpe:2.3:a:ibm:watson_explorer_analytical_components:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58412A55-8780-417E-9E89-AF9F5DD19BC4",
"versionEndIncluding": "10.0.0.2",
"versionStartIncluding": "10.0"
},
{
"criteria": "cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8AAD3A69-115D-4D6C-B5A9-7590E97B15A9"
},
{
"criteria": "cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41147B26-C469-48EE-B139-C0D0B07BBDED",
"versionEndIncluding": "10.0.0.2",
"versionStartIncluding": "10.0"
},
{
"criteria": "cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66634C1B-0E8A-48FD-A0DC-D5AD4CF29EC7"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0507670-6059-4164-AD54-A5172DE8313F"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A207B0AA-DF2F-4B1B-9D87-D812E33ADBD0"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C43FBAC-2DD2-43CB-AC5F-56741BB2A31C"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB001073-3FE0-452B-94FB-57B4555F7CE9"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3029A691-2288-453A-8FC0-7598EF60357C"
}
],
"operator": "OR"
}
]
}
]