Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1D01F8E5DE7AE74C3B7DC47DCF3EE45B924A80B313E2712E8681753ED3ABC4DD
HistoryAug 03, 2020 - 4:22 p.m.

Security Bulletin: Possible denial of service attack affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

2020-08-0316:22:19
www.ibm.com
4

0.003 Low

EPSS

Percentile

70.0%

JSON

Summary

A vulnerability in the Redis service packaged as part of Watson Knowledge Catalog for IBM Cloud Pak for Data could lead to denial of service attacks. The issue is now addressed.

Vulnerability Details

CVEID:CVE-2020-14147
**DESCRIPTION:**Redis is vulnerable to a denial of service, caused by an integer overflow in the getnum function in lua_struct.c in Redis. By sending a specially crafted command with a large number, a remote attacker could exploit this vulnerability to cause a stack-based buffer overflow, leading a denial of service…
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Knowledge Catalog for IBM Cloud Pak for Data 3.0.1

Remediation/Fixes

Install wkc-patch-3.0.1.2 for IBM Cloud Pak for Data.

See <https://www.ibm.com/support/pages/node/5693666&gt; for details.

Workarounds and Mitigations

The Redis service is only accessible from within the CPD RHOS cluster and not exposed to the outside. It greatly reduces the risk of possible attacks.

CPENameOperatorVersion
ibm cloud pak for dataeq2.5

Related

debian 2
ibm 4
openvas 4
nessus 8
veracode 1
cbl_mariner 2
osv 2
suse 1
mageia 1
alpinelinux 1
ubuntucve 1
cvelist 1
nvd 1
redhatcve 1
debiancve 1
cve 1
prion 1
gentoo 1
photon 6
oracle 1
debian
debian
[SECURITY] [DSA 4731-1] redis security update
2020-07-19 19:30:52
[SECURITY] [DSA 4731-1] redis security update
2020-07-19 19:30:52
ibm
ibm
Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability (CVE-2020-14147)
2020-09-29 13:31:21
Security Bulletin: IBM DataPower Gateway is potentially vulnerable to a Denial of Service (CVE-2020-14147)
2021-06-08 22:33:53
Security Bulletin: IBM Event Streams is affected by a Redis vulnerability (CVE-2020-14147)
2020-09-26 19:08:06
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0312)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4731-1)
2020-07-20 00:00:00
Redis < 6.0.3 Integer Overflow Vulnerability
2021-04-09 00:00:00
nessus
nessus
Photon OS 2.0: Redis PHSA-2020-2.0-0256
2020-07-07 00:00:00
RHEL 8 : 5_redis (Unpatched Vulnerability)
2024-06-03 00:00:00
Photon OS 1.0: Redis PHSA-2020-1.0-0304
2020-06-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-04-29 11:57:54
cbl_mariner
cbl_mariner
CVE-2020-14147 affecting package redis 5.0.5-7
2020-11-30 19:30:43
CVE-2020-14147 affecting package redis for versions less than 5.0.5-7
2022-04-09 06:51:55
osv
osv
redis - security update
2020-07-19 00:00:00
CVE-2020-14147
2020-06-15 18:15:14
suse
suse
Security update for redis (moderate)
2020-07-23 00:00:00
mageia
mageia
Updated redis packages fix security vulnerability
2020-08-01 02:25:42
alpinelinux
alpinelinux
CVE-2020-14147
2020-06-15 18:15:14
ubuntucve
ubuntucve
CVE-2020-14147
2020-06-15 00:00:00
cvelist
cvelist
CVE-2020-14147
2020-06-15 16:52:45
nvd
nvd
CVE-2020-14147
2020-06-15 18:15:14
redhatcve
redhatcve
CVE-2020-14147
2020-06-18 14:37:09
debiancve
debiancve
CVE-2020-14147
2020-06-15 18:15:14
cve
cve
CVE-2020-14147
2020-06-15 18:15:14
prion
prion
Integer overflow
2020-06-15 18:15:00
gentoo
gentoo
Redis: Multiple vulnerabilities
2020-08-27 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0304
2020-06-26 00:00:00
Important Photon OS Security Update - PHSA-2020-0304
2020-06-27 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0256
2020-06-27 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

0.003 Low

EPSS

Percentile

70.0%

JSON
Related for 1D01F8E5DE7AE74C3B7DC47DCF3EE45B924A80B313E2712E8681753ED3ABC4DD
debian2ibm4openvas4nessus8veracode1cbl_mariner2osv2suse1mageia1alpinelinux1ubuntucve1cvelist1nvd1redhatcve1debiancve1cve1prion1gentoo1photon6oracle1