Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sterling_b2b_integrator | Ibm | 5.2 (including) | 5.2 (including) |
Sterling_integrator | Ibm | 5.1 (including) | 5.1 (including) |
Tivoli_common_reporting | Ibm | 2.1 (including) | 2.1 (including) |
Tivoli_common_reporting | Ibm | 2.1.1 (including) | 2.1.1 (including) |
Tivoli_common_reporting | Ibm | 2.1.1.2 (including) | 2.1.1.2 (including) |
Tivoli_common_reporting | Ibm | 3.1 (including) | 3.1 (including) |
Tivoli_common_reporting | Ibm | 3.1.0.1 (including) | 3.1.0.1 (including) |
Tivoli_common_reporting | Ibm | 3.1.0.2 (including) | 3.1.0.2 (including) |
Tivoli_common_reporting | Ibm | 3.1.2 (including) | 3.1.2 (including) |
Tivoli_common_reporting | Ibm | 3.1.2.1 (including) | 3.1.2.1 (including) |
Watson_content_analytics | Ibm | 3.0 (including) | 3.0.0.6 (including) |
Watson_content_analytics | Ibm | 3.5 (including) | 3.5.0.3 (including) |
Watson_explorer_analytical_components | Ibm | 10.0 (including) | 10.0.0.2 (including) |
Watson_explorer_analytical_components | Ibm | 11.0 (including) | 11.0 (including) |
Watson_explorer_annotation_administration_console | Ibm | 10.0 (including) | 10.0.0.2 (including) |
Watson_explorer_annotation_administration_console | Ibm | 11.0 (including) | 11.0 (including) |
Websphere_application_server | Ibm | 7.0.0.0 (including) | 7.0.0.0 (including) |
Websphere_application_server | Ibm | 8.0.0.0 (including) | 8.0.0.0 (including) |
Websphere_application_server | Ibm | 8.5 (including) | 8.5 (including) |
Websphere_application_server | Ibm | 8.5.0.0 (including) | 8.5.0.0 (including) |
Websphere_application_server | Ibm | 8.5.5.5 (including) | 8.5.5.5 (including) |