CVE-2023-49886

CRITICAL

IBM Transformation Extender Advanced - Insecure Deserialization

Title source: rule

Description

IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7247179

Scores

CVSS v3 9.8

EPSS 0.0080

EPSS Percentile 73.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

ibm/transformation_extender_advanced

Timeline

Published Oct 06, 2025

Tracked Since Feb 18, 2026