Critical Vulnerability in IBM Products (CVE-2023-39017)

Published On: Feb 21, 2025 11:05

Advisory No: TZCERT-SA-25-0060

Source: IBM

Software Affected: Terracotta Quartz Job Scheduler

Overview

IBM products are affected by a critical vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.

Description

Multiple IBM products that depend on the Terracotta Quartz Job Scheduler package are affected by the vulnerability tracked as CVE-2023-39017, with a CVSS score of 9.8. The package is vulnerable due to improper neutralization of user-supplied input by the org.quartz.jobs.ee.jms.SendQueueMessageJob.execute component. The vulnerability allows attackers to execute arbitrary code on the system by sending a specially crafted request.

Impact

Successful exploitation of this vulnerability may allow attackers to take control of the affected system.

Solution

IBM has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
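
To help locate installations that need the update, the following added example (not from IBM or TZ-CERT) searches JAR, WAR and EAR files, including archives nested inside them, for the class file of the component named in the Description. It assumes the class sits at the path derived from that name; a hit shows only that the component is bundled, not which version it is, and the nesting limit is an assumed value.

```python
import io
import sys
import zipfile
import zlib
from pathlib import Path

# Class file path derived from the component named in the advisory (assumption).
TARGET = "org/quartz/jobs/ee/jms/SendQueueMessageJob.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear")
MAX_DEPTH = 4  # assumed bound on archive nesting, so recursion always terminates


def scan_archive(data, label, depth=0):
    """Return locations in one archive (and archives nested in it) that hold TARGET."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                # Matches the plain path and prefixed ones such as WEB-INF/classes/...
                if name == TARGET or name.endswith("/" + TARGET):
                    hits.append(f"{label}!/{name}")
                elif name.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH:
                    hits += scan_archive(zf.read(info), f"{label}!/{name}", depth + 1)
    except (zipfile.BadZipFile, zlib.error, RuntimeError, OSError):
        pass  # corrupt, encrypted or unsupported archive: skip it, keep scanning
    return hits


def scan_tree(root):
    """Walk a directory tree and scan every Java archive found in it."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXTS:
            hits += scan_archive(path.read_bytes(), str(path))
    return hits


if __name__ == "__main__":
    # Usage: python scan.py /path/to/application/root
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Each reported location is a candidate to check against the vendor's fixed versions.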
