CVE-2026-13773
IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 6
EPSS 3.0%
KEV no
PoC —
Nuclei —
Metasploit —
Patch referenced
Lifecycle
30 Jun 2026: Published in NVD
Recommendation: Monitor; no sign of exploitation at the moment.
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6. Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instantiation flaw (WAS-26), this SSRF escalates to remote code execution on the calling JVM.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Affected products
IBM · WebSphere Extreme Scale