Attacker Value
Unknown
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2019-4279 - IBM WebSphere Application Server

Disclosure Date: May 17, 2019 Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. – nvd.nist.gov description

Add Assessment

1
Ratings
  • Exploitability
    High
Technical Analysis

Deserialization flaw. I tested a module that was able to get SYSTEM access by exploiting the flaw.

General Information

Additional Info

Technical Analysis