Remote Code Execution Vulnerability in IBM Standards Processing Engine
CVE-2023-49886

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Transformation Extender Advanced
Vendor: CVE Published:; 6 October 2025

What is CVE-2023-49886?

The IBM Standards Processing Engine 10.0.1.10 contains a vulnerability that could permit a remote attacker to execute arbitrary code on the affected system. This risk arises from an unsafe Java deserialization process. By crafting malicious input, an attacker can exploit this flaw, leading to potential unauthorized code execution on vulnerable servers. Organizations using this software should prioritize applying security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Transformation Extender Advanced 10.0.1.10

References

https://www.ibm.com/support/pages/node/7247179

vendor-advisorypatch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Dec 1, 2023

JSON