Aug 31, 2021 3:41 pm EDT
Categorized: High Severity
Impact: The vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected.
Patches: If you rely on the default blacklist of XStream's Security Framework, you will have to use at least version 1.4.17.
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6483053
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202795