Critical RCE Vulnerability in IBM products (CVE-2022-22965)

Published On: Sep 23, 2024 07:57

Advisory No: TZCERT-SA-24-0026

Source: IBM

Software Affected: spring-framework

Overview

Multiple IBM products are vulnerable to a critical vulnerability. A remote attacker can exploit the vulnerability to execute arbitrary code.

Description

Multiple IBM products depending on spring-framework are affected by a critical vulnerability with CVSS base scores of 9.8 and tracked as CVE-2022-22965. The vulnerability is a result of improper handling of PropertyDescriptor objects used with data binding. By sending specially crafted input, an attacker can exploit this vulnerability to execute arbitrary code on the system.

Impact

Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.

Solution

IBM has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident