IBM WebSphere Application Server Vulnerability Identified

IBM WebSphere Application Server Vulnerability Identified

A cybersecurity alert was issued today, June 11, 2020, regarding a vulnerability in IBM WebSphere Application Server. The vulnerability could allow an attacker to execute remote code, which could potentially lead to a breach.

What It Is:
A vulnerability has been discovered in IBM WebSphere Application Server that could allow for remote code execution. IBM WebSphere Application Server is a software framework and middleware that hosts Java-based web applications.

Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

Read the original IBM Support Security Bulletin.

Threat Intelligence:
There is no report of this vulnerability being exploited in the wild.

Systems Affected:

• IBM WebSphere Application Server version 8.5.0.0 through 8.5.5.17
• IBM WebSphere Application Server version 9.0.0.0 through 9.0.5.3
• IBM WebSphere Virtual Enterprise Edition version 7.0
• IBM WebSphere Virtual Enterprise Edition version 8.0

Risk:
Government:
• Large and medium government entities: High
• Small government entities: Medium
Businesses:
• Large and medium business entities: High
• Small business entities: Medium
Home users: Low

What It Means:
If you and/or your business utilize the IBM WebSphere products mentioned above, you will need to upgrade to the latest version of IBM WebSphere Application Server immediately following proper testing.

Technical Summary:
A vulnerability has been discovered in IBM WebSphere Application Server that could allow for remote code execution. The specific flaw exists within the BroadcastMessageManager class. The issue results from the lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the system.

What To Do:
We recommend the following actions be taken:

• Upgrade to the latest version of IBM WebSphere Application Server immediately, after appropriate testing.
• Verify no unauthorized system modifications have occurred on system before applying patch.
• Apply the Principle of Least Privilege to all systems and services.
• Remind users not to visit websites or follow links provided by unknown or untrusted sources.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in IBM WebSphere Application Server including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.