CVE-2023-23477: 
IBM WebSphere App Server vulnerability analysis and mitigation

IBM WebSphere Application Server 8.5 and 9.0 traditional was found to contain a remote code execution vulnerability (CVE-2023-23477) that could allow a remote attacker to execute arbitrary code on the system using a specially crafted sequence of serialized objects. The vulnerability was discovered in January 2023 and affects versions 9.0.0.0 through 9.0.5.7 and 8.5.0.0 through 8.5.5.19 (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) by NIST NVD, while IBM Corporation assigned it a score of 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) and involves code injection issues (NVD).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on the affected system, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (IBM Advisory).

IBM recommends upgrading to fix pack version 9.0.5.8 or later for V9.0.0.0 through 9.0.5.7, and fix pack version 8.5.5.20 or later for V8.5.0.0 through 8.5.5.19. No workarounds are available (IBM Advisory).