Advisory No: TZCERT/SA/2024/08/13-1
Date of First Release: 13th August 2024
Source: IBM
Software Affected: Moby
Overview:
Multiple IBM products depending on Moby are vulnerable to critical vulnerability. Attackers can exploit the vulnerability to bypass authorization in the affected system.
Description:
Multiple IBM products depending on Moby are affected by a critical vulnerability with CVSS base scores of 9.9 and tracked as CVE-2024-41110. The vulnerabilities is caused by improper authorization validation whereby through sending a specially crafted request, the attacker can bypass authorization plugins.
Impact:
Successful exploitation of this vulnerability may allow the attacker to bypass security controls in the affected system.
Solution:
IBM has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.
References: