IBM Watson Explorer Foundational Components contains a vulnerable version of Apache ZooKeeper.(CVE-2024-23944)
**CVEID:**CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By attaching a persistent watcher to a parent, an attacker could exploit this vulnerability to obtain information of the full path of znodes, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285579 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Explorer DAE Foundational Components | 12.0.0.0, 12.0.0.1 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 |
IBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, |
11.0.1, | |
11.0.2.0 - 11.0.2.18 |
Follow these steps to upgrade to the required version of Apache ZooKeeper.
The table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at http://www.ibm.com/support/fixcentral/.
Affected Product | Affected Versions | How to acquire and apply the fix |
---|---|---|
IBM Watson Explorer DAE | ||
Foundational Components | 12.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 | Upgrade to Version 12.0.3.15. See Watson Explorer Version 12.0.3.15 Foundational Components for download information and instructions. |
IBM Watson Explorer | ||
Foundational Components | 11.0.0.0 - 11.0.0.3, | |
11.0.1, | ||
11.0.2.0 - 11.0.2.18 | Upgrade to Watson Explorer Foundational Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures. |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | watson_explorer_analytical_components | 11.0.0 | cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0.0:*:*:*:*:*:*:* |
ibm | watson_explorer_analytical_components | 11.0.1 | cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0.1:*:*:*:*:*:*:* |
ibm | watson_explorer_analytical_components | 11.0.2 | cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0.2:*:*:*:*:*:*:* |
ibm | watson_explorer_analytical_components | 12.0.0 | cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.0:*:*:*:*:*:*:* |
ibm | watson_explorer_analytical_components | 12.0.1 | cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.1:*:*:*:*:*:*:* |
ibm | watson_explorer_analytical_components | 12.0.2 | cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.2:*:*:*:*:*:*:* |
ibm | watson_explorer_analytical_components | 12.0.3 | cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.3:*:*:*:*:*:*:* |