HTTP: IBM WebSphere Application Server Remote Code Execution
This signature detects attempts to exploit a known vulnerability against IBM Websphere application. A successful attack can lead to arbitrary code execution.
Extended Description
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
Affected Products
Bmc patrol_agent
References
CVE: CVE-2019-8352
Short Name
HTTP:CTS:IBM-WEBSPHERE-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Application CVE-2019-8352 Code Execution IBM Remote Server WebSphere
Release Date
09/14/2020
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
Port
TCP/6988
False Positive
Unknown
Vendors
Bmc
CVSS Score
7.5