Published On: Feb 21, 2025 11:05
Advisory No: TZCERT-SA-25-0060
Source: IBM
Software Affected: Terracotta Quartz Job Scheduler
IBM products are affected by a critical vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.
Multiple IBM products that depend on the Terracotta Quartz Job Scheduler package are affected by the vulnerability tracked as CVE-2023-39017, with a CVSS score of 9.8. The package is vulnerable due to improper neutralization of user-supplied input by the org.quartz.jobs.ee.jms.SendQueueMessageJob.execute component. The vulnerability allows attackers to execute arbitrary code on the system by sending a specially crafted request.
Successful exploitation of this vulnerability may allow attackers to take control of the affected system.
IBM has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
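An added example, not part of the advisory or of any IBM or Quartz tooling: a Python inventory script that locates archives bundling the class named above, including JARs nested inside WAR/EAR files, and reports each archive's manifest version for comparison against the vendor's fixed releases. Function names are this example's own, and matching on the class path alone is an assumption about how the package is bundled.

```python
import io
import sys
import zipfile
from pathlib import Path

# Class named in the advisory, as it appears inside a Java archive.
TARGET = "org/quartz/jobs/ee/jms/SendQueueMessageJob.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def manifest_version(zf):
    """Return Implementation-Version or Bundle-Version from the manifest, if any."""
    try:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return "unknown"
    for key in ("Implementation-Version", "Bundle-Version"):
        for line in text.splitlines():
            if line.startswith(key + ":"):
                return line.split(":", 1)[1].strip()
    return "unknown"

def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(archive path, version)] for archives that bundle TARGET."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # unreadable or mislabelled file: skip it
    with zf:
        for name in zf.namelist():
            if name.endswith(TARGET):  # also matches relocated/exploded copies
                hits.append((label, manifest_version(zf)))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return hits

def scan_tree(root):
    """Walk a directory and scan every JAR/WAR/EAR found under it."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            hits += scan_archive(path.read_bytes(), str(path))
    return hits

if __name__ == "__main__":
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{location}\tversion={version}")
```

Run it against an application server's deployment directory; a hit shows only that the class is present, so confirm the fix status of each reported archive against the vendor's bulletin.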