Lucene search
IBMA5E2A06A3560CD420D102F46319819F683A77B8862A1B2F5BDE2AD8434B3DF6FHistoryNov 15, 2023 - 2:47 p.m.
Security Bulletin: Security Vulnerabilities in redisson package affect IBM Voice Gateway
2023-11-1514:47:31
www.ibm.com
10
ibm voice gateway
redisson package
security vulnerability
remote code execution
sms gateway
unsafe deserialization
cvss
upgrade
1.0.8.x images
Summary
Security Vulnerabilities in redisson package affect the SMS Gateway component of IBM Voice Gateway
Vulnerability Details
CVEID:CVE-2023-42809
**DESCRIPTION:**Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuading a victim to connect to specially crafted server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Voice Gateway | 1.0.7 |
| Voice Gateway | 1.0.6 |
| Voice Gateway | 1.0.2.4 |
| Voice Gateway | 1.0.4 |
| Voice Gateway | 1.0.7.1 |
| Voice Gateway | 1.0.2 |
| Voice Gateway | 1.0.8 |
| Voice Gateway | 1.0.5 |
| Voice Gateway | 1.0.3 |
Remediation/Fixes
Upgrade to the following IBM Voice Gateway 1.0.8.x images
ibmcom/voice-gateway-sms:1.0.8.8
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm voice gateway | eq | any |
Related
prion
prion
Deserialization of untrusted data
2023-10-04 20:15:00
veracode
veracode
Insecure Deserialization
2023-10-13 10:44:52
cve
cve
CVE-2023-42809
2023-10-04 20:15:10
osv
osv
CVE-2023-42809
2023-10-04 20:15:10
cvelist
cvelist
CVE-2023-42809 Redisson unsafe deserialization vulnerability
2023-10-04 19:18:39
7.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.9%
Related for A5E2A06A3560CD420D102F46319819F683A77B8862A1B2F5BDE2AD8434B3DF6F