DataStage 8.5 - Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450) (Doc ID 2133162.1)

Last updated on JUNE 09, 2017

Applies to:

PeopleSoft Enterprise EPM Performance Management Warehouse - Version 9.1 and later
Information in this document applies to any platform.

Symptoms

On: PeopleSoft Enterprise EPM Performance Management Warehouse 9.1; DataStage 8.5 FP1; Installation/Configuration

A DataStage 8.5 AIX LPAR is showing a security issue.

ERROR
=======
87171 IBM WebSphere Java Object Deserialization RCE Critical Web Servers

STEPS
======
Description: The remote IBM WebSphere Application Server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted SOAP request, to execute arbitrary code on the target host.
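
The following Python check is an added example, not part of the original bulletin or of any vendor's code. It looks for base64-embedded Java serialized objects in a captured SOAP request body and flags class descriptors from the Commons Collections functors packages. It assumes the object is carried base64-encoded in the body; the function names, the flagged-package list and the sample request are constructed for illustration.

```python
import base64
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization magic + stream version 5
TC_CLASSDESC = 0x72                  # marker byte that precedes a class descriptor
B64_RUN = re.compile(r"rO0AB[A-Za-z0-9+/]*={0,2}")  # base64 of the magic starts "rO0AB"
CLASS_NAME = re.compile(rb"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+")
# Assumption: package prefixes worth flagging; extend for your environment.
FLAGGED = ("org.apache.commons.collections.functors.",
           "org.apache.commons.collections4.functors.")

def class_names(stream):
    """Heuristic byte scan (not a full stream parser) for class descriptor names."""
    names, i = [], len(STREAM_MAGIC)
    while i + 3 <= len(stream):
        if stream[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", stream, i + 1)   # 2-byte name length
            raw = stream[i + 3:i + 3 + n]
            if len(raw) == n and CLASS_NAME.fullmatch(raw):
                names.append(raw.decode("ascii"))
                i += 3 + n
                continue
        i += 1
    return names

def inspect_soap(body):
    """Return one finding per base64-embedded Java serialized stream in body."""
    findings = []
    for m in B64_RUN.finditer(body):
        text = m.group(0).rstrip("=")
        try:
            data = base64.b64decode(text + "=" * (-len(text) % 4))
        except ValueError:               # malformed base64: not a stream
            continue
        if data.startswith(STREAM_MAGIC):
            names = class_names(data)
            findings.append({"offset": m.start(), "classes": names,
                             "flagged": [n for n in names if n.startswith(FLAGGED)]})
    return findings

def sample_soap(name):
    """Constructed SOAP-like body (placeholder tags); stub stream, not a complete object."""
    raw = name.encode("ascii")
    stream = STREAM_MAGIC + b"\x73\x72" + struct.pack(">H", len(raw)) + raw + bytes(8)
    b64 = base64.b64encode(stream).decode("ascii")
    return "<soap:Envelope><soap:Body><arg>" + b64 + "</arg></soap:Body></soap:Envelope>"

if __name__ == "__main__":
    print(inspect_soap(sample_soap(FLAGGED[0] + "InvokerTransformer")))
```

A finding with a non-empty `flagged` list marks a request to review; a finding with an empty list still shows that a serialized Java object reached the endpoint.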
 
BUSINESS IMPACT
================
The issue has the following business impact:
Security vulnerability.

Cause
