CVE-2023-49886

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.2%

top 21.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Transformation Extender Advanced

Timeline

PublishedOct 6

Description

IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/transformation_extender_advanced10.0.1.10

▶NVDibm/transformation_extender_advanced10.0.1

🔴Vulnerability Details

GHSA

GHSA-mjq7-jm96-v224: IBM Standards Processing Engine 10↗2025-10-06

▶

CVEList

IBM Transformation Extender Advanced code execution↗2025-10-06

▶