Thursday, May 1, 2025
HomeCyber Security NewsIBM SDK, Java Technology Flaw Lets Remote Attacker Execute Arbitrary

IBM SDK, Java Technology Flaw Lets Remote Attacker Execute Arbitrary

Published on

SIEM as a Service

Follow Us on Google News

IBM has discovered a vulnerability in the IBM SDK, Java Technology Edition, that allows threat actors to execute arbitrary code on the system due to unsafe deserialization.

This vulnerability exists in the Object Request Broker (ORB) and is given a CVE ID: CVE-2022-40609.

ORB is a middleware application component that is used to make program calls between computers on the network using remote procedure calls (RPC). It also provided transparency about the location.

- Advertisement - Google News

CVE-2022-40609: Unsafe Deserialization Flaw

A remote attacker can exploit this vulnerability by sending specially crafted data, which will result in arbitrary code execution on the system. The CVSS Score for this vulnerability is given as 8.1 (High).

Affected Products & Fixed in Versions

Affected Product(s)Version(s)Fixed in Version
IBM SDK, Java Technology Edition8.0.8.0 and earlier7.1.5.19
IBM SDK, Java Technology Edition7.1.5.18 and earlier8.0.8.5

This vulnerability is classified on the CWE (Common Weakness Enumeration) with CWE-502: Deserialization of Untrusted Data

In response to this vulnerability, Red Hat has also released patches for their products Red Hat Enterprise Linux 7 Supplementary, and Red Hat Enterprise Linux 8 in order to fix this vulnerability.

Red Hat Enterprise Linux 7 with Java 1.7.1-ibm was found to be Out of support scope, as mentioned by Red Hat in their policies and advisory.

Furthermore, Tenable has also released plugins for this vulnerability for scanning this vulnerability through Nessus.

Nessus Plugins:

IDNameProductFamilySeverity
179134IBM Java 7.1 < 7.1.5.19 / 8.0 < 8.0.8.5NessusMiscCRITICAL
179054RHEL 7 : java-1.8.0-ibm (RHSA-2023:4160)NessusRed Hat Local Security ChecksHIGH

Users of these products are recommended to upgrade to the latest versions for preventing exploitation from threat actors.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a...

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a...

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...