IBM Java SDK 7.1.5.18/8.0.8.0 Remote Code Execution via Unsafe Deserialization
CVE-2022-40609 Published on August 2, 2023

IBM SDK, Java Technology Edition code execution
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2022-40609 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2022-40609 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2022-40609

Want to know whenever a new CVE is published for IBM Sdk? stack.watch will email you.

IBM Sdk
 

Affected Versions

IBM SDK, Java Technology Edition Version 7.1.5.18, 8.0.8.0 is affected by CVE-2022-40609

Exploit Probability

EPSS
0.10%
Percentile
27.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.