IBM Support

PM86780: Potential security vulnerability

Download


Abstract

Potential security vulnerability

Download Description

PM86780 resolves the following problem:

ERROR DESCRIPTION:
Potential security vulnerability

LOCAL FIX:

PROBLEM SUMMARY:
Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. To exploit this vulnerability, an attacker first needs to discover an unprotected server program. The attacker then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability. The OpenJPA code ships with WebSphere Application Server, but WebSphere Application Server is NOT vulnerable to this issue.

PROBLEM CONCLUSION:
The code has been updated to resolve this issue.

For more information, please refer to this security bulletin:

http://www-01.ibm.com/support/docview.wss?&uid=swg21635999

Prerequisites

NONE

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme (US English, 4865 B):
https://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM86780/7.0.0.27/readme.txt

Download Package

7.0.0.25-WS-WAS-IFPM86780
Date: 06-11-2013
Language: US English
Size: 6640760
Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.25-WS-WAS-IFPM86780&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch

8.0.0.4-WS-WAS-IFPM86780
Date: 11 Jun 2013
Language: US English
Size: 8511608
Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=8.0.0.4-WS-WAS-IFPM86780&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch

8.5.0.1-WS-WAS-IFPM86780
Date: 11 Jun 2013
Language: US English
Size: 7052083
Platform: AIX
URL: http://www.ibm.com/support/fixcentral/quickorder?fixids=8.5.0.1-WS-WAS-IFPM86780&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch

Technical Support

Contact IBM Support (https://www.ibm.com/mysupport/), visit the WebSphere Application Server support web site (https://www.ibm.com/mysupport/s/topic/0TO500000001DQQGA2/websphere-application-server?productId=01t50000004uSkiAAE), or contact 1-800-IBM-SERV (U.S. only).

Product: WebSphere Application Server
Component: Java Persistence API (JPA)
Platform: AIX, HP-UX, IBM i, Linux, iOS, Solaris, Windows, z/OS
Version: 8.5.0.2; 8.5.0.1; 8.0.0.6; 8.0.0.5; 8.0.0.4; 7.0.0.27; 7.0.0.25
Edition: Base; Express; Network Deployment
Business Unit: Cloud & Data Platform
Line of Business: Automation

Document Information

Modified date:
22 October 2021

UID

swg24035168