#VU45825 Deserialization of untrusted data in IBM WebSphere Application Server - CVE-2020-4589
Published: August 20, 2020
Vulnerability identifier: #VU45825
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-4589
CWE-ID: CWE-502
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
IBM WebSphere Application Server
Software vendor:
IBM Corporation
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of serialized data before it is deserialized (CWE-502). A remote attacker can pass specially crafted serialized data to the application and execute arbitrary code on the target system.
The vulnerability only occurs if an undocumented customization has been applied by an administrator.
Remediation
Install updates from vendor's website.