Guidance on Java Deserialization Vulnerability in WebSphere Application Server ND (CVE-2019-4279)
IBM issued a security bulletin on Wednesday 15th May that advised of a critical vulnerability affecting IBM WebSphere Application Server 8.5 and 9.0, which could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. This vulnerability has a CVSS Score of 10.
Non-Waratek customers should apply the WebSphere interim fix, Fix Pack or PTF from IBM as soon as possible. Note that WebSphere Application Server must be shutdown before applying the iFixes and must be restarted after applying the iFixes.
Waratek Customer Advice
- Existing Waratek Secure and Waratek Enterprise customers who have enabled the deserialization zero-day (CWE-502) rule in protect mode, are already protected. No further action is required.
- Existing Waratek Patch customers who have enabled the Process Forking ARMR rule in protection mode, are already protected.
- Waratek’s ARMR platform provides complete remediation to this zero-day critical vulnerability and therefore, Waratek customers do not have to apply IBMs patch for CVE-2019-4279 with urgency.
- All Waratek customer users can enable the corresponding rules for instant protection without having to restart the WebSphere Application Server.
- Non-Waratek customers who are affected by this IBM WebSphere vulnerability, as well as those using inefficient solutions based on pattern matching and signatures, should contact Waratek at email@example.com.