A cybersecurity alert was issued today, June 11, 2020, regarding a vulnerability in IBM WebSphere Application Server. The vulnerability could allow an attacker to execute remote code, which could potentially lead to a breach.
What It Is:
A vulnerability has been discovered in IBM WebSphere Application Server that could allow for remote code execution. IBM WebSphere Application Server is a software framework and middleware that hosts Java-based web applications.
Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.
Read the original IBM Support Security Bulletin.
There is no report of this vulnerability being exploited in the wild.
• IBM WebSphere Application Server version 188.8.131.52 through 184.108.40.206
• IBM WebSphere Application Server version 220.127.116.11 through 18.104.22.168
• IBM WebSphere Virtual Enterprise Edition version 7.0
• IBM WebSphere Virtual Enterprise Edition version 8.0
• Large and medium government entities: High
• Small government entities: Medium
• Large and medium business entities: High
• Small business entities: Medium
Home users: Low
What It Means:
If you and/or your business utilize the IBM WebSphere products mentioned above, you will need to upgrade to the latest version of IBM WebSphere Application Server immediately following proper testing.
A vulnerability has been discovered in IBM WebSphere Application Server that could allow for remote code execution. The specific flaw exists within the BroadcastMessageManager class. The issue results from the lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the system.
What To Do:
We recommend the following actions be taken:
• Upgrade to the latest version of IBM WebSphere Application Server immediately, after appropriate testing.
• Verify no unauthorized system modifications have occurred on system before applying patch.
• Apply the Principle of Least Privilege to all systems and services.
• Remind users not to visit websites or follow links provided by unknown or untrusted sources.
Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.
Should your agency or business need assistance with issues arising from vulnerabilities in IBM WebSphere Application Server including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.
Thank you for your time and stay safe online.