Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2018-60


Red Hat JBoss Enterprise Application Platform Lets Remote Users Execute Arbitrary Code on the Target System
Severity Rating: Medium
Systems Affected:
· Red Hat JBoss Enterprise Application Platform 5 for Red Hat Enterprise Linux 5.
Description
A vulnerability has been reported in Red Hat JBoss Enterprise Application Platform that can be exploited by remote attackers to execute arbitrary code on the target system. The flaw lies in the handling of RichFaces UserResource requests: a remote attacker can send a specially crafted request containing a serialized org.ajax4jsf.resource.UserResource$UriData object whose data carries a tainted expression language (EL) expression. The object is deserialized and the expression is evaluated after the whitelist protections are bypassed. As a result, arbitrary code may be executed on the target system.
Solution
Users are advised to apply the updates provided by Red Hat.
More information is available on:
Vendor Information
RedHat
CVE Information
 
References
Red Hat Security Advisory
Security Tracker
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis