Published: Sep 23, 2024 07:57
Advisory No: TZCERT-SA-24-0026
Source: IBM
Software Affected: spring-framework
Multiple IBM products are affected by a critical vulnerability. A remote attacker can exploit the vulnerability to execute arbitrary code.
Multiple IBM products that depend on spring-framework are affected by a critical vulnerability, tracked as CVE-2022-22965, with a CVSS base score of 9.8. The vulnerability results from improper handling of PropertyDescriptor objects used with data binding. By sending specially crafted input, an attacker can exploit this vulnerability to execute arbitrary code on the system.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
IBM has released security patches for this vulnerability. Users and administrators are encouraged to apply the necessary updates.