{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-49886","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2023-12-01T01:47:32.863Z","datePublished":"2025-10-06T14:47:55.517Z","dateUpdated":"2026-02-26T17:48:16.179Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:transformation_extender_advanced:10.0.1.10:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Transformation Extender Advanced","vendor":"IBM","versions":[{"status":"affected","version":"10.0.1.10"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system."}],"value":"IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-10-06T14:47:55.517Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7247179"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p><strong>IBM strongly recommends addressing the vulnerability now.</strong></p><div><table><tbody><tr><td><strong>Product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Remediation/Fix/Instructions</strong></td></tr><tr><td>Transformation Extender Advanced</td><td>10.0.1.10</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Standards+Processing+Engine&amp;release=10.0.1.11&amp;platform=All&amp;function=all\">10.0.1.11 </a>, <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Standards+Processing+Engine&amp;release=10.0.2.0&amp;platform=All&amp;function=all\">10.0.2.0</a></td></tr></tbody></table></div><br>\n\n<br>"}],"value":"IBM strongly recommends addressing the vulnerability now.\n\nProduct(s)Version(s)Remediation/Fix/InstructionsTransformation Extender Advanced10.0.1.10 10.0.1.11  https://www.ibm.com/support/fixcentral/swg/selectFixes ,  10.0.2.0 https://www.ibm.com/support/fixcentral/swg/selectFixes"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Transformation Extender Advanced code execution","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-49886","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-10-07T03:55:59.118996Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:48:16.179Z"}}]}}