Lucene search

IBM1B5870142CDD21BDB7D0E5282759B36A8D7013220B089F220675853BEF6DC980

HistoryApr 29, 2024 - 4:12 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in kotlin

2024-04-2916:12:30

www.ibm.com

ibm watson discovery

cloud pak for data

kotlin

vulnerability

upgrade

version 4.8.5

remote attack

garbage collection

denial of service

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.8%

JSON

Summary

IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in kotlin

Vulnerability Details

CVEID:CVE-2022-3509
**DESCRIPTION:**protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for textformat data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239915 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Watson Discovery	4.0.0-4.8.4

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.5

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>

Workarounds and Mitigations

None

CPENameOperatorVersion
watson discoveryeq4.0.0
watson discoveryeq4.8.4

CPE	Name	Operator	Version
	watson discovery	eq	4.0.0
	watson discovery	eq	4.8.4