CVE-2016-5983

HIGH

IBM WebSphere Application Server (WAS) <9.0.0.2 - Authenticated RCE


Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

Exploits (1)

Writeup (nomisec), PoC by BitWrecker, 1 star
https://github.com/BitWrecker/CVE-2016-5983

References (3)

Core References (3)
Patch, Vendor Advisory (x_refsource_confirm): https://www-01.ibm.com/support/docview.wss?uid=swg21990060
Vendor Advisory, broken link (x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375
Third Party Advisory, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/93162

Scores

CVSS v3 7.5
EPSS 0.1376
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-284
Status published
Products (50)
ibm/websphere_application_server 7.0
ibm/websphere_application_server 7.0.0.0
ibm/websphere_application_server 7.0.0.1
ibm/websphere_application_server 7.0.0.2
ibm/websphere_application_server 7.0.0.3
ibm/websphere_application_server 7.0.0.4
ibm/websphere_application_server 7.0.0.5
ibm/websphere_application_server 7.0.0.6
ibm/websphere_application_server 7.0.0.7
ibm/websphere_application_server 7.0.0.8
... and 40 more
Published Oct 05, 2016
Tracked Since Feb 18, 2026