CVE-2023-49886 PUBLISHED

IBM Transformation Extender Advanced code execution

Assigner: ibm
Reserved: 01.12.2023 Published: 06.10.2025 Updated: 07.10.2025

IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Transformation Extender Advanced
Versions	Default: unaffected Version 10.0.1.10 is affected

Solutions

IBM strongly recommends addressing the vulnerability now.

Product(s)Version(s)Remediation/Fix/InstructionsTransformation Extender Advanced10.0.1.10 10.0.1.11 https://www.ibm.com/support/fixcentral/swg/selectFixes , 10.0.2.0 https://www.ibm.com/support/fixcentral/swg/selectFixes

References

https://www.ibm.com/support/pages/node/7247179

Problem Types

CWE-502 Deserialization of Untrusted Data CWE