CVE-2020-4449 – IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-4449
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 traditional, podría permitir a un atacante remoto obtener información confidencial con una secuencia de objetos serializados especialmente diseñada. ID de IBM X-Force: 181230 This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181230 https://www.ibm.com/support/pages/node/6220296 https://www.zerodayinitiative.com/advisories/ZDI-20-690 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-4448 – IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4448
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. IBM WebSphere Application Server Network Deployment versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia de objetos serializados especialmente diseñada de fuentes no confiables. ID de IBM X-Force: 181228 This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BroadcastMessageManager class. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 https://www.ibm.com/support/pages/node/6220336 https://www.zerodayinitiative.com/advisories/ZDI-20-688 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-4450 – IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4450
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. IBM WebSphere Application Server versiones 8.5 y 9.0 traditional, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia de objetos serializados especialmente diseñada. ID de IBM X-Force: 181231 This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. • https://github.com/yonggui-li/CVE-2020-4464-and-CVE-2020-4450 https://exchange.xforce.ibmcloud.com/vulnerabilities/181231 https://www.ibm.com/support/pages/node/6220294 https://www.zerodayinitiative.com/advisories/ZDI-20-689 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-4365
https://notcve.org/view.php?id=CVE-2020-4365
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. IBM WebSphere Application Server versión 8.5, es vulnerable a un ataque de tipo server-side request forgery. Al enviar una petición especialmente diseñada, un atacante autenticado remoto podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178964 https://www.ibm.com/support/pages/node/6209099 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-4329
https://notcve.org/view.php?id=CVE-2020-4329
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server versión 7.0, 8.0, 8.5, 9.0 y Liberty versiones 17.0.0.3 hasta 20.0.0.4, podrían permitir a un atacante remoto autentificado obtener información confidencial, causado por la comprobación de parámetros inapropiada. Esto podría ser explotado para llevar a cabo ataques de suplantación de identidad. • https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 https://www.ibm.com/support/pages/node/6201862 •