Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2A886D8CB9AC6D68B48A1C33D91DB18965D34B83466B5EF5EF1D84EEC6DA8AF8
HistoryAug 05, 2024 - 9:42 p.m.

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Mozilla Firefox arbitrary code execution vulnerability [CVE-2024-4367]

2024-08-0521:42:56
www.ibm.com
8
ibm watson assistant
ibm cloud pak for data
vulnerability
mozilla firefox
code execution
cve-2024-4367
upgrade

AI Score

8.3

Confidence

High

JSON

Summary

Potential Mozilla Firefox arbitrary code execution vulnerability [CVE-2024-4367] have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information.

Vulnerability Details

CVEID:CVE-2024-4367
**DESCRIPTION:**Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a missing type check when handling fonts in PDF.js. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290483 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Affected Version(s)
IBM Watson Assistant for IBM Cloud Pak for Data 4.0 - 5.0

Remediation/Fixes

For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v5.0.1 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.

Product Latest Version Remediation/Fix/Instructions
IBM Watson Assistant for IBM Cloud Pak for Data 5.0.1

Follow instructions for Installing Watson Assistant in Link to Release (v5.0.1 release information)

https://www.ibm.com/docs/en/cloud-paks/cp-data/5.0.x

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_assistant_for_ibm_cloud_pak_for_dataMatch4.0
OR
ibmwatson_assistant_for_ibm_cloud_pak_for_dataMatch5.0
VendorProductVersionCPE
ibmwatson_assistant_for_ibm_cloud_pak_for_data4.0cpe:2.3:a:ibm:watson_assistant_for_ibm_cloud_pak_for_data:4.0:*:*:*:*:*:*:*
ibmwatson_assistant_for_ibm_cloud_pak_for_data5.0cpe:2.3:a:ibm:watson_assistant_for_ibm_cloud_pak_for_data:5.0:*:*:*:*:*:*:*

Related

nessus 54
osv 21
redhatcve 1
veracode 1
githubexploit 10
debiancve 1
wpvulndb 1
openvas 23
cve 1
vulnrichment 1
cvelist 1
nvd 1
ubuntucve 1
github 2
thn 1
almalinux 4
oraclelinux 6
redhat 18
ubuntu 3
freebsd 1
debian 4
kaspersky 3
slackware 2
rocky 3
amazon 1
mageia 2
mozilla 3
wordfence 1
nessus
nessus
Debian dsa-5742 : odoo-14 - security update
2024-08-08 00:00:00
Debian dla-3815 : firefox-esr - security update
2024-05-16 00:00:00
RHEL 8 : firefox (RHSA-2024:3783)
2024-06-10 00:00:00
osv
osv
odoo - security update
2024-08-08 00:00:00
CGA-r47q-8q9v-57w9
2024-06-06 12:29:14
Arbitrary JavaScript execution due to using outdated libraries
2024-06-05 14:15:50
redhatcve
redhatcve
CVE-2024-4367
2024-05-14 18:54:47
veracode
veracode
Remote Code Execution (RCE)
2024-05-08 04:43:35
githubexploit
githubexploit
Exploit for CVE-2024-4367
2024-05-20 22:56:10
Exploit for CVE-2024-4367
2024-05-22 18:05:47
Exploit for CVE-2024-4367
2024-05-22 23:18:20
debiancve
debiancve
CVE-2024-4367
2024-05-14 18:15:12
wpvulndb
wpvulndb
PDF.js < 4.2.67 - Arbitrary JavaScript Execution
2024-06-03 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5742-1)
2024-08-09 00:00:00
Debian: Security Advisory (DLA-3817-1)
2024-05-21 00:00:00
Mageia: Security Advisory (MGASA-2024-0191)
2024-05-22 00:00:00
cve
cve
CVE-2024-4367
2024-05-14 18:15:12
vulnrichment
vulnrichment
CVE-2024-4367
2024-05-14 17:21:23
cvelist
cvelist
CVE-2024-4367
2024-05-14 17:21:23
nvd
nvd
CVE-2024-4367
2024-05-14 18:15:12
ubuntucve
ubuntucve
CVE-2024-4367
2024-05-14 00:00:00
github
github
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
2024-05-07 10:25:08
Arbitrary JavaScript execution due to using outdated libraries
2024-06-05 14:15:50
thn
thn
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
2024-05-21 10:22:00
almalinux
almalinux
Moderate: firefox security update
2024-06-10 00:00:00
Important: thunderbird security update
2024-05-16 00:00:00
Moderate: thunderbird security update
2024-06-10 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2024-05-20 00:00:00
firefox security update
2024-05-16 00:00:00
firefox security update
2024-06-11 00:00:00
redhat
redhat
(RHSA-2024:2913) Important: thunderbird security update
2024-05-20 07:31:47
(RHSA-2024:2912) Important: thunderbird security update
2024-05-20 07:31:21
(RHSA-2024:3338) Moderate: thunderbird security update
2024-05-23 12:00:18
ubuntu
ubuntu
Thunderbird vulnerabilities
2024-05-22 00:00:00
Firefox regressions
2024-05-29 00:00:00
Firefox vulnerabilities
2024-05-21 00:00:00
freebsd
freebsd
Gitlab -- Vulnerabilities
2024-05-22 00:00:00
debian
debian
[SECURITY] [DSA 5691-1] firefox-esr security update
2024-05-15 17:48:47
[SECURITY] [DSA 5693-1] thunderbird security update
2024-05-17 17:04:52
[SECURITY] [DLA 3817-1] thunderbird security update
2024-05-20 08:15:13
kaspersky
kaspersky
KLA67587 Multiple vulnerabilities in Mozilla Firefox ESR
2024-05-14 00:00:00
KLA67450 Multiple vulnerabilities in Mozilla Thunderbird
2024-05-15 00:00:00
KLA67588 Multiple vulnerabilities in Mozilla Firefox
2024-05-14 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2024-06-12 21:36:48
[slackware-security] mozilla-firefox
2024-05-14 19:27:14
rocky
rocky
thunderbird security update
2024-06-14 13:59:30
firefox security update
2024-06-14 13:59:30
thunderbird security update
2024-06-14 14:00:40
amazon
amazon
Important: thunderbird
2024-06-06 20:17:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-05-22 02:38:02
Updated nss & firefox packages fix security vulnerabilities
2024-05-22 02:17:20
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla
2024-05-15 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.11 — Mozilla
2024-05-14 00:00:00
Security Vulnerabilities fixed in Firefox 126 — Mozilla
2024-05-14 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
2024-05-30 15:23:45

AI Score

8.3

Confidence

High

JSON
Related for 2A886D8CB9AC6D68B48A1C33D91DB18965D34B83466B5EF5EF1D84EEC6DA8AF8
nessus54osv21redhatcve1veracode1githubexploit10debiancve1wpvulndb1openvas23cve1vulnrichment1cvelist1nvd1ubuntucve1github2thn1almalinux4oraclelinux6redhat18ubuntu3freebsd1debian4kaspersky3slackware2rocky3amazon1mageia2mozilla3wordfence1