Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sterling_b2b_integrator | Ibm | 5.2 (including) | 5.2 (including) |
| Sterling_integrator | Ibm | 5.1 (including) | 5.1 (including) |
| Tivoli_common_reporting | Ibm | 2.1 (including) | 2.1 (including) |
| Tivoli_common_reporting | Ibm | 2.1.1 (including) | 2.1.1 (including) |
| Tivoli_common_reporting | Ibm | 2.1.1.2 (including) | 2.1.1.2 (including) |
| Tivoli_common_reporting | Ibm | 3.1 (including) | 3.1 (including) |
| Tivoli_common_reporting | Ibm | 3.1.0.1 (including) | 3.1.0.1 (including) |
| Tivoli_common_reporting | Ibm | 3.1.0.2 (including) | 3.1.0.2 (including) |
| Tivoli_common_reporting | Ibm | 3.1.2 (including) | 3.1.2 (including) |
| Tivoli_common_reporting | Ibm | 3.1.2.1 (including) | 3.1.2.1 (including) |
| Watson_content_analytics | Ibm | 3.0 (including) | 3.0.0.6 (including) |
| Watson_content_analytics | Ibm | 3.5 (including) | 3.5.0.3 (including) |
| Watson_explorer_analytical_components | Ibm | 10.0 (including) | 10.0.0.2 (including) |
| Watson_explorer_analytical_components | Ibm | 11.0 (including) | 11.0 (including) |
| Watson_explorer_annotation_administration_console | Ibm | 10.0 (including) | 10.0.0.2 (including) |
| Watson_explorer_annotation_administration_console | Ibm | 11.0 (including) | 11.0 (including) |
| Websphere_application_server | Ibm | 7.0.0.0 (including) | 7.0.0.0 (including) |
| Websphere_application_server | Ibm | 8.0.0.0 (including) | 8.0.0.0 (including) |
| Websphere_application_server | Ibm | 8.5 (including) | 8.5 (including) |
| Websphere_application_server | Ibm | 8.5.0.0 (including) | 8.5.0.0 (including) |
| Websphere_application_server | Ibm | 8.5.5.5 (including) | 8.5.5.5 (including) |