CVE-2023-49886
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-16
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | transformation_extender_advanced | 10.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-49886 is a critical vulnerability in IBM Standards Processing Engine (also known as IBM Transformation Extender Advanced) version 10.0.1.10 caused by unsafe Java deserialization. This flaw allows a remote attacker to send specially crafted input that can lead to the execution of arbitrary code on the affected system without requiring any privileges or user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows a remote attacker to execute arbitrary code on the affected system. This means the attacker could potentially take full control of the system, compromising confidentiality, integrity, and availability of data and services. The CVSS score of 9.8 indicates a high risk with network attack vector, low complexity, and no need for privileges or user interaction. [1]
What immediate steps should I take to mitigate this vulnerability?
IBM strongly recommends applying the fixes available in versions 10.0.1.10, 10.0.1.11, and 10.0.2.0 of IBM Transformation Extender Advanced (IBM Standards Processing Engine). No workarounds or mitigations are provided, so updating to a fixed version is the immediate step to mitigate this vulnerability. [1]