CVE-2018-1851
published 2018-10-31CVE-2018-1851: IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | < 18.0.0.3 | 18.0.0.3 |
| ibm | websphere_application_server | — | — |