Lucene search

K
ibmIBM16736BDC76D22C21547E48EFB8CDDC62FDD5AB41955327A05DD047CB18A3DEDC
HistoryNov 30, 2021 - 4:27 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress

2021-11-3016:27:39
www.ibm.com
17

EPSS

0.014

Percentile

86.2%

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress.

Vulnerability Details

CVEID:CVE-2021-35517
**DESCRIPTION:**Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compressโ€™ tar package.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205307 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-36090
**DESCRIPTION:**Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compressโ€™ zip package.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205310 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.0.2
Watson Discovery 2.0.0-2.2.1

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.0.3

Upgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-5

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data&gt;

Workarounds and Mitigations

None

EPSS

0.014

Percentile

86.2%