CVE-2018-1904

HIGH

IBM WebSphere Application Server <9.0 - RCE

Title source: llm

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106193

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/152533

[Patch, Vendor Advisory] https://www-01.ibm.com/support/docview.wss?uid=ibm10738735

Scores

CVSS v3 8.1

EPSS 0.0078

EPSS Percentile 73.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

ibm/websphere_application_server < 7.0.0.45

Timeline

Published Dec 11, 2018

Tracked Since Feb 18, 2026