IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P
Vendors Products
Ibm
  • Websphere Application Server

Configuration 1 [-]

OR cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.28:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.35:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.39:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.41:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.28:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.35:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.39:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.41:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:9.0.0.1:*:*:*:*:*:*:*
References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375 Broken Link
http://www.securityfocus.com/bid/93162
https://www-01.ibm.com/support/docview.wss?uid=swg21990060 Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2016-10-05T10:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-06-29T00:00:00

Link: CVE-2016-5983

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-10-05T10:59:18.110

Modified: 2016-11-28T20:30:21.947

Link: CVE-2016-5983

JSON object: View

cve-icon Redhat Information

No data.

CWE