CVE-2015-7450

CRITICAL KEV NUCLEI

IBM Sterling B2B Integrator - Remote Code Execution via Apache Commons Collections Deserialization

Title source: llm

Exploitation Summary

CVE-2015-7450 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 10, 2022. EIP tracks 3 public exploits from researchers including Metasploit, Liatsis Fotios @liatsisfotios, including a Metasploit module exploits/windows/misc/ibm_websphere_java_deserialize. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits CVE-2015-7450, an unsafe Java deserialization vulnerability in IBM WebSphere Application Server, allowing unauthenticated remote code execution via crafted SOAP requests.

Description

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/41613

View Code ZIP pw:eip

This Metasploit module exploits CVE-2015-7450, an unsafe Java deserialization vulnerability in IBM WebSphere Application Server, allowing unauthenticated remote code execution via crafted SOAP requests.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM WebSphere Application Server 7.0.0.0

No auth needed

Prerequisites: Network access to IBM WebSphere SOAP endpoint · Vulnerable version of IBM WebSphere

MITRE ATT&CK

T1189 - Drive-by Compromise T1213 - Data from Information Repositories

devstral-2 · analyzed Feb 16, 2026 Full analysis →

vulncheck_xdb WRITEUP

remote

https://github.com/swisskyrepo/PayloadsAllTheThings

View Code ZIP pw:eip

This repository contains a detailed technical writeup on IIS Machine Keys and ViewState manipulation, including formats, locations, and tools for identification and exploitation. It does not include functional exploit code but provides in-depth analysis and references for CVE-2015-7450.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft IIS with ASP.NET ViewState

No auth needed

Prerequisites: Access to ViewState data · Knowledge of machine key or ability to brute-force

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 25, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Liatsis Fotios @liatsisfotios · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ibm_websphere_java_deserialize.rb

View Code ZIP pw:eip

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM WebSphere Application Server 7.0.0.0

No auth needed

Prerequisites: Network access to the target WebSphere server · SOAP endpoint exposed on port 8880

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

IBM WebSphere Java Object Deserialization - Remote Code Execution

CRITICALby wdahlenb

Shodan: http.html:"IBM WebSphere Portal" || http.html:"ibm websphere portal"

FOFA: body="ibm websphere portal"

References (10)

Core 10

Core References

Broken Link x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg21971733