Jun 20, 2024 - 6:47 a.m.

Security Bulletin: IBM Watson Explorer affected by vulnerability in Apache ZooKeeper (CVE-2024-23944)

www.ibm.com

AI Score: 7.2 (Confidence: High)

Summary

IBM Watson Explorer Foundational Components contains a vulnerable version of Apache ZooKeeper (CVE-2024-23944).

Vulnerability Details

**CVEID:** CVE-2024-23944
**DESCRIPTION:** Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By attaching a persistent watcher to a parent, an attacker could exploit this vulnerability to obtain the full paths of znodes, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285579 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Watson Explorer DAE Foundational Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 |
| IBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.18 |

Remediation/Fixes

Follow these steps to upgrade to the required version of Apache ZooKeeper.

The table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at http://www.ibm.com/support/fixcentral/.

| Affected Product | Affected Versions | How to acquire and apply the fix |
| --- | --- | --- |
| IBM Watson Explorer DAE Foundational Components | 12.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.14 | Upgrade to Version 12.0.3.15. See Watson Explorer Version 12.0.3.15 Foundational Components for download information and instructions. |
| IBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.18 | Upgrade to Watson Explorer Foundational Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures. |

Workarounds and Mitigations

None

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | watson_explorer_analytical_components | 11.0.0 | `cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0.0:*:*:*:*:*:*:*` |
| ibm | watson_explorer_analytical_components | 11.0.1 | `cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0.1:*:*:*:*:*:*:*` |
| ibm | watson_explorer_analytical_components | 11.0.2 | `cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0.2:*:*:*:*:*:*:*` |
| ibm | watson_explorer_analytical_components | 12.0.0 | `cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.0:*:*:*:*:*:*:*` |
| ibm | watson_explorer_analytical_components | 12.0.1 | `cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.1:*:*:*:*:*:*:*` |
| ibm | watson_explorer_analytical_components | 12.0.2 | `cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.2:*:*:*:*:*:*:*` |
| ibm | watson_explorer_analytical_components | 12.0.3 | `cpe:2.3:a:ibm:watson_explorer_analytical_components:12.0.3:*:*:*:*:*:*:*` |
