4 matches found
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to redisson-3.17.7 (CVE-2023-42809)
Summary redisson is used by DataStage on Cloud Pak for Data as part of the Redis Java client. Vulnerability Details CVEID:CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuading a victim to...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization fla...
CVE-2023-42809
Deserialization of untrusted data vulnerability was found in Redisson, as some messages received from the Redis server contain Java objects that the client deserializes without further validation. This flaw allows attackers who manage to trick clients into communicating with a malicious server to...
CVE-2023-42809
CVE-2023-42809 affects the Redisson Java Redis client (Netty). Before version 3.22.0, responses from a malicious Redis server could contain crafted Java objects that are deserialized by the client without sufficient validation, enabling arbitrary code execution and potential full system compromis...