Published On: Jan 03, 2025 19:40
Advisory No: TZCERT-SA-25-0051
Source: IBM
Software Affected: ManageIQ kubeclient
IBM ManageIQ is affected by a critical vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.
IBM ManageIQ kubeclient is affected by the vulnerability tracked as CVE-2022-0759, which has a CVSS score of 9.1. The flaw arises when the kubeconfig file does not configure a custom CA to verify certificates. It allows attackers to gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
Successful exploitation of this vulnerability may allow attackers to gain access to sensitive information.
IBM has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
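To help prioritise patching, the following added example (not part of the advisory and not IBM or kubeclient code) inventories kubeconfig cluster entries that configure no custom CA, the condition the advisory describes. It goes slightly beyond the advisory by also flagging entries that set `insecure-skip-tls-verify`; the helper name `audit_kubeconfig` and the sample hostnames and paths are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample kubeconfig (not from the advisory): one cluster pins a
# CA, one configures none, one disables verification outright.
SAMPLE_KUBECONFIG = <<~YAML
  apiVersion: v1
  kind: Config
  clusters:
  - name: prod
    cluster:
      server: https://k8s.prod.example.internal:6443
      certificate-authority: /etc/kube/prod-ca.crt
  - name: staging
    cluster:
      server: https://k8s.staging.example.internal:6443
  - name: lab
    cluster:
      server: https://k8s.lab.example.internal:6443
      insecure-skip-tls-verify: true
YAML

# Returns one finding per cluster entry whose TLS trust is not anchored to a
# custom CA. audit_kubeconfig is a hypothetical helper name.
def audit_kubeconfig(yaml_text)
  config = YAML.safe_load(yaml_text) || {}
  Array(config['clusters']).filter_map do |entry|
    cluster = entry['cluster'] || {}
    # Either a CA file path or inline base64 CA data counts as a custom CA.
    has_ca = %w[certificate-authority certificate-authority-data].any? do |key|
      !cluster[key].to_s.strip.empty?
    end
    reason =
      if cluster['insecure-skip-tls-verify'] == true then 'TLS verification disabled'
      elsif !has_ca then 'no custom CA configured'
      end
    next unless reason
    { name: entry['name'] || '(unnamed)', server: cluster['server'].to_s, reason: reason }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_kubeconfig(SAMPLE_KUBECONFIG).each do |f|
    puts "#{f[:name]} (#{f[:server]}): #{f[:reason]}"
  end
end
```

Run it against each kubeconfig that ManageIQ providers load; flagged entries are the ones to review first when applying the update.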