This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote WebSphere Application Server is affected by a remote code
The remote IBM WebSphere Application Server is affected by a remote
code execution vulnerability due to unsafe deserialize calls of
unauthenticated Java objects to the Apache Commons Collections (ACC)
library. An unauthenticated, remote attacker can exploit this, by
sending a crafted SOAP request, to execute arbitrary code on the
See also :
Apply the appropriate interim fix per the vendor advisory.
Alternatively, ensure that all exposed ports used by the WebSphere
Application Server are firewalled from any public networks.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true