SB2023111552 - IBM Voice Gateway update for redisson package

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023111552

SB2023111552 - IBM Voice Gateway update for redisson package

Published: November 15, 2023 Updated: February 11, 2026

Security Bulletin ID SB2023111552
Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Deserialization of Untrusted Data (CVE-ID: CVE-2023-42809)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. A remote attacker can manage to trick clients into communicating with a malicious server to include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in.


Remediation

Install update from vendor's website.

References