目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2026-13759— IBM WebSphere eXtreme Scale 反序列化注入漏洞

CVSS 7.5 · High EPSS 0.30% · P22

Affected Version Matrix 1

ベンダープロダクトVersion Rangeステータス
IBMWebSphere Extreme Scale8.6.1.0≤ 8.6.1.6affected
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2026-13759の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
IBM WebSphere eXtreme Scale is affected by Insecure Deserilization
ソース: NVD (National Vulnerability Database)
脆弱性説明
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including RemoteConstructor.readResolve and PriorityQueue/ExtractorComparator are confirmed working, allowing a post-login attacker who can write a session attribute or a LAN-adjacent attacker on the grid replication wire to execute arbitrary code on peer WAS JVMs
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
可信数据的反序列化
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
IBM WebSphere eXtreme Scale 反序列化注入漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
IBM WebSphere eXtreme Scale是美国IBM公司的一个弹性数据缓存和对象网格平台。 IBM WebSphere Extreme Scale 8.6.1.0版本至8.6.1.6版本存在反序列化注入漏洞,该漏洞源于三个ObjectInputStream子类未安装JEP-290类过滤器,当Coherence在类路径上时,多个远程代码执行小工具链可被利用,允许登录后能写入会话属性的攻击者或LAN相邻的攻击者在网格复制线路上执行任意代码。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
IBMWebSphere Extreme Scale 8.6.1.0 ~ 8.6.1.6 cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:*

II. CVE-2026-13759の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2026-13759のインテリジェンス情報

登录查看更多情报信息。

CVE-2026-13759 厂商安全公告 (1)

Same Patch Batch · IBM · 2026-06-30 · 43 CVEs total

CVE-2026-1013410.0 CRITICALUnauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows
CVE-2026-78739.9 CRITICALCode Injection Vulnerability in Code Validation Endpoint
CVE-2026-78719.8 CRITICALInsecure Deserialization in Redis Cache Backend
CVE-2026-78039.8 CRITICALFlow Validation Bypass via Empty Component Type Field
CVE-2026-101099.8 CRITICALIBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake h
CVE-2026-101409.6 CRITICALCross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem
CVE-2026-117089.3 CRITICALIBM WebSphere Application Server is affected by a cross-site scripting vulnerability
CVE-2026-117129.3 CRITICALIBM WebSphere Application Server is affected by a cross-site scripting vulnerability
CVE-2026-76639.1 CRITICALUnauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport
CVE-2026-78749.1 CRITICALWeak Cryptographic Key Derivation Exposed All Stored Credentials
CVE-2026-101298.5 HIGHSSRF via HTTP Redirect Following in Langflow API Request Component
CVE-2026-115948.5 HIGHIBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilit
CVE-2026-117148.5 HIGHIBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerabil
CVE-2026-105648.2 HIGHSSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
CVE-2026-105608.2 HIGHUnauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS
CVE-2025-363598.1 HIGHIBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.
CVE-2026-134497.6 HIGHXXE attack in IBM Business Automation Manager Open Editions
CVE-2026-137727.5 HIGHIBM WebSphere eXtreme Scale's OQL is affected by remote code execution
CVE-2026-115417.4 HIGHIBM WebSphere Application Server and WebSphere Application Server Liberty are affected by
CVE-2026-118067.2 HIGHIBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerabi

Showing 20 of 43 CVEs. View all on vendor page →

IV. 関連脆弱性

V. CVE-2026-13759へのコメント

まだコメントはありません


コメントを残す