CVE-2020-4464
HIGHIBM WebSphere Application Server 7.0.0.0-7.0.0.44 - Remote Code Execution via SOAP Connector Deserialization
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2020-4464. PoCs published by silentsignal, yonggui-li.
AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2020-4464, leveraging a deserialization vulnerability in IBM WebSphere's WSIF gadget chain. It includes an RMI server and a serialized payload generator to achieve remote code execution.
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.
Exploits (2)
This repository contains a functional exploit PoC for CVE-2020-4464, leveraging a deserialization vulnerability in IBM WebSphere's WSIF gadget chain. It includes an RMI server and a serialized payload generator to achieve remote code execution.
The repository contains minimal and incomplete content, with no functional exploit code for CVE-2020-4464. The files include a placeholder README and trivial Go code that does not demonstrate the vulnerability.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H