Published On: Jan 18, 2025 15:12
Advisory No: TZCERT-SA-25-0053
Source: IBM
Software Affected: Node.js IP package
Multiple IBM products are affected by a critical vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.
IBM products that depend on the Node.js IP package are affected by the vulnerability tracked as CVE-2023-42282, which has a CVSS score of 9.8. The package is vulnerable because of a server-side request forgery (SSRF) flaw in its ip.isPublic() function. The vulnerability allows attackers to execute arbitrary code on the system and obtain sensitive information.
Successful exploitation of this vulnerability may allow attackers to take control of the affected system.
IBM has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
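To check whether a Node.js application of your own also carries the package named in this advisory, the following added example (not part of the advisory and not IBM's code) lists every copy of the `ip` package recorded in a `package-lock.json`. The sample lockfile, its package names and its version numbers are constructed placeholders; `findPackageCopies` and `loadLockfile` are names chosen for this illustration.

```javascript
// Added example: list every installed copy of the npm "ip" package recorded
// in a package-lock.json (lockfileVersion 1, 2 or 3).

// Constructed sample lockfile; names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.0" },
    "node_modules/ip": { version: "0.0.1" },
    "node_modules/proxy-helper": { version: "0.0.2" },
    "node_modules/proxy-helper/node_modules/ip": { version: "0.0.3" },
    "node_modules/@acme/ip": { version: "0.0.4" }, // scoped name, must not match
  },
};

// Return [{ path, version }] for each copy of `name` in a parsed lockfile.
function findPackageCopies(lock, name = "ip") {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: meta.version });
    }
  }
  if (hits.length > 0) return hits;
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Read and parse a lockfile from disk.
function loadLockfile(file) {
  const fs = require("fs");
  return JSON.parse(fs.readFileSync(file, "utf8"));
}

// Usage: node find-ip.js path/to/package-lock.json (falls back to the sample).
const lockPath = process.argv[2];
const lock = lockPath ? loadLockfile(lockPath) : SAMPLE_LOCK;
for (const { path, version } of findPackageCopies(lock)) {
  console.log(`${version}\t${path}`);
}
```

Compare each reported version against the fixed release named in the vendor's bulletin; nested copies are pulled in by other dependencies and have to be updated through them.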