1 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. El cliente de IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0 y 9.0 provee clases que deserializan objetos desde fuentes no confiables que podrían permitir a un usuario malicioso ejecutar código Java arbitrario añadiendo clases vulnerables a la ruta de clase. IBM Referencia #: 1983457. • http://www-01.ibm.com/support/docview.wss?uid=swg21983457 http://www.securityfocus.com/bid/95317 http://www.securitytracker.com/id/1037561 • CWE-502: Deserialization of Untrusted Data •