Remote code execution in IBM Sterling Connect:Direct File Agent
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-7489 |
| CWE-ID | CWE-502 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Sterling Connect Direct File Agent Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Deserialization of untrusted data
EUVDB-ID: #VU11268
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7489
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to bypass security restrictions and execute arbitrary code on the target system.
The weakness exists in the readValue method due to improper validation of user-input. A remote attacker can send malicious JSON input, bypass security restrictions and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsSterling Connect Direct File Agent: before 1.4.0.2.8
External linkshttp://www.ibm.com/support/pages/node/6474939
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
