{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971733"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971342"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971758"}, {"name": "77653", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77653"}, {"name": "1035125", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035125"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972799"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971376"}, {"name": "41613", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41613/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970575"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7450", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971733", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971733"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971342", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971342"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971758", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971758"}, {"name": "77653", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77653"}, {"name": "1035125", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035125"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972799", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972799"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971376", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971376"}, {"name": "41613", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41613/"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970575", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970575"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:27.382Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971733"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971342"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971758"}, {"name": "77653", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77653"}, {"name": "1035125", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035125"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972799"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971376"}, {"name": "41613", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41613/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970575"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7450", "datePublished": "2016-01-02T21:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.382Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-07-10", "cisaExploitAdd": "2022-01-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8597A678-3633-4F5D-95A9-5AAB168F92B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F56C076E-A4FB-432F-A7CB-0C37CDEC94C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "393AB012-4F9C-4893-827E-4480AEC16DE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A792593C-B2D4-425D-9EC4-3581A77474B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A1B8DFB-2004-4449-A4A7-802662D571EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1938833-B19E-4DF2-8E2C-E2ADE876D44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2DBE91DF-8844-4ADB-AC02-839305F82B0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BED14B09-F9FF-4DB4-9404-0D3A2BAC7FDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D680D54-EE53-4658-98E1-64F316D23177", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "18D82CA9-8AFE-44FF-956C-F2B8E42B3EB4", "versionEndIncluding": "3.0.0.6", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "B22F02C8-BF16-4202-82B7-E167E0F6FC75", "versionEndIncluding": "3.5.0.3", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:watson_explorer_analytical_components:*:*:*:*:*:*:*:*", "matchCriteriaId": "58412A55-8780-417E-9E89-AF9F5DD19BC4", "versionEndIncluding": "10.0.0.2", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AAD3A69-115D-4D6C-B5A9-7590E97B15A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:*:*:*:*:*:*:*:*", "matchCriteriaId": "41147B26-C469-48EE-B139-C0D0B07BBDED", "versionEndIncluding": "10.0.0.2", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "66634C1B-0E8A-48FD-A0DC-D5AD4CF29EC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "A0507670-6059-4164-AD54-A5172DE8313F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "A207B0AA-DF2F-4B1B-9D87-D812E33ADBD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*", "matchCriteriaId": "6C43FBAC-2DD2-43CB-AC5F-56741BB2A31C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*", "matchCriteriaId": "AB001073-3FE0-452B-94FB-57B4555F7CE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*", "matchCriteriaId": "3029A691-2288-453A-8FC0-7598EF60357C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library."}, {"lang": "es", "value": "Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un objeto Java serializado manipulado, relacionado con la clase InvokerTransformer en la librer\u00eda Apache Commons Collections."}], "id": "CVE-2015-7450", "lastModified": "2024-07-24T17:02:03.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-02T21:59:15.800", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970575"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971342"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971376"}, {"source": "psirt@us.ibm.com", "tags": ["Broken Link"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971733"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971758"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972799"}, {"source": "psirt@us.ibm.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/77653"}, {"source": "psirt@us.ibm.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035125"}, {"source": "psirt@us.ibm.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41613/"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}