Fluid Attacks Database

Description

A flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw. An attacker could exploit this vulnerability by sending specially-crafted data to execute arbitrary code on the system.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	java-1.7.1-ibm	-	-
rpm rhel8	java-1.8.0-ibm	<1:1.8.0.8.5-1.el8_8	1:1.8.0.8.5-1.el8_8

Aliases

1. CVE-2022-406092. NVD-2022-406093. OSV-2022-40609

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.