Описание
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
A flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw. An attacker could exploit this vulnerability by sending specially-crafted data to execute arbitrary code on the system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | java-1.7.1-ibm | Out of support scope | ||
| Red Hat Enterprise Linux 7 Supplementary | java-1.8.0-ibm | Fixed | RHSA-2023:4160 | 31.07.2023 |
| Red Hat Enterprise Linux 8 | java-1.8.0-ibm | Fixed | RHSA-2023:4103 | 17.07.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
Уязвимость набора средств разработки IBM SDK Java Technology Edition, связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код
EPSS
8.1 High
CVSS3