
Analysis of IBM's fix for critical and high-risk vulnerabilities in IBM WebSphere Application Server

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article walks through the critical and high-risk vulnerabilities in IBM WebSphere Application Server that IBM has patched. The content is concise and easy to follow; I hope the detailed introduction below gives you something useful.

IBM has fixed two critical vulnerabilities in IBM WebSphere Application Server that remote attackers could exploit to execute arbitrary code.

In April, a security researcher using the alias 'tint0' discovered three serious deserialization vulnerabilities affecting IBM WebSphere Application Server.

Two of these vulnerabilities (CVE-2020-4450 and CVE-2020-4448) are rated as critical remote code execution vulnerabilities; the third is a high-risk information disclosure vulnerability.

IBM WebSphere is a software framework and middleware that hosts Java-based web applications.

The researcher reported the vulnerabilities to IBM through Trend Micro's Zero Day Initiative (ZDI) in mid-April, and IBM publicly disclosed them last week.

Both CVE-2020-4450 and CVE-2020-4448 carry a CVSS score of 9.8. Each stems from missing validation of user-submitted data, which leads to deserialization of untrusted data.

"Remote attackers can exploit this vulnerability to execute arbitrary code on the affected IBM WebSphere," IBM wrote in its security bulletin for CVE-2020-4448. Exploiting the vulnerability does not require authentication.

"The vulnerability lies in the BroadcastMessageManager class due to the lack of proper validation of data submitted by the user, resulting in deserialization of untrusted data."

CVE-2020-4448 resides in the BroadcastMessageManager class and can be exploited by an attacker to execute arbitrary code with SYSTEM privileges.

CVE-2020-4450 resides in the handling of the IIOP protocol and can be exploited by an attacker to execute code with root privileges.

An attacker can exploit this vulnerability by sending a series of specially constructed serialized objects.

These two vulnerabilities affect IBM WebSphere Application Server 8.5 and 9.0; CVE-2020-4448 also affects WebSphere Virtual Enterprise Edition.

The third vulnerability, CVE-2020-4449, also lies in IIOP deserialization. A remote, unauthenticated attacker can trigger information disclosure by sending a series of specially crafted serialized objects.


© 2024 shulou.com SLNews company. All rights reserved.
