CVE-2016-5983

high-risk

Published 2016-10-05

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

Do I need to act?

!

13.8% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / HIGH complexity

Affected Products (20)

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Websphere Application Server

Affected Vendors

Ibm

References (6)

Broken Link http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375

http://www.securityfocus.com/bid/93162

Patch https://www-01.ibm.com/support/docview.wss?uid=swg21990060

Broken Link http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375

http://www.securityfocus.com/bid/93162

Patch https://www-01.ibm.com/support/docview.wss?uid=swg21990060

62

/ 100

high-risk

Severity 22/34 · High

Exploitability 12/34 · Low

Exposure 28/34 · Critical