CVE-2020-27583

CRITICAL

IBM InfoSphere Information Server 8.5.0.0 - Code Injection

Title source: llm

Description

IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References (1)

[Exploit, Third Party Advisory] https://n4nj0.github.io/advisories/ibm-infosphere-java-deserialization/

Scores

CVSS v3 9.8

EPSS 0.0423

EPSS Percentile 88.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

ibm/infosphere_information_server

Timeline

Published Jan 26, 2021

Tracked Since Feb 18, 2026