SB2025042831 - IBM Cloud Pak for Network Automation update for redisson

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025042831

SB2025042831 - IBM Cloud Pak for Network Automation update for redisson

Published: April 28, 2025

Security Bulletin ID SB2025042831
Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Deserialization of Untrusted Data (CVE-ID: CVE-2023-42809)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. A remote attacker can manage to trick clients into communicating with a malicious server to include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in.


Remediation

Install update from vendor's website.

References