CVE-2020-4589
https://notcve.org/view.php?id=CVE-2020-4589
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184585 https://www.ibm.com/support/pages/node/6258333 • CWE-502: Deserialization of Untrusted Data
CVE-2020-4534
https://notcve.org/view.php?id=CVE-2020-4534
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182808 https://www.ibm.com/support/pages/node/6255074
CVE-2020-4464 – IBM WebSphere Application Server SOAP Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4464
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAP protocol. • https://github.com/yonggui-li/CVE-2020-4464-and-CVE-2020-4450 https://exchange.xforce.ibmcloud.com/vulnerabilities/181489 https://www.ibm.com/support/pages/node/6250059 https://www.zerodayinitiative.com/advisories/ZDI-20-878 • CWE-502: Deserialization of Untrusted Data
CVE-2020-4449 – IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-4449
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181230 https://www.ibm.com/support/pages/node/6220296 https://www.zerodayinitiative.com/advisories/ZDI-20-690 • CWE-502: Deserialization of Untrusted Data
CVE-2020-4448 – IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4448
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BroadcastMessageManager class. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 https://www.ibm.com/support/pages/node/6220336 https://www.zerodayinitiative.com/advisories/ZDI-20-688 • CWE-502: Deserialization of Untrusted Data