IBM2F2B0EEF687E89A613E772CBCF18B31FA51238D1EAF22D29CFC2D70FAA3BA1E5Security Bulletin: Watson CP4D Data Stores is vulnerable to SAP NetWeaver AS for JAVA security bypass vulnerability ( CVE-2023-30744)
0.001 Low
EPSS
Percentile
48.3%
Summary
Potential SAP NetWeaver AS for JAVA security bypass vulnerability ( CVE-2023-30744) has been identified that may affect Watson CP4D Data Stores. Refer to details for additional information.
Vulnerability Details
CVEID:CVE-2023-30744
**DESCRIPTION:**SAP NetWeaver AS for JAVA could allow a remote attacker to bypass security restrictions, caused by improper authorization validation. By attaching to an open interface and make use of an open naming and directory API to instantiate an object, an attacker could exploit this vulnerability to read or change the state of existing services.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254712 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Watson CP4D Data Stores | All versions before 4.7.0 |
Remediation/Fixes
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.7.0 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.
| Product Latest Version | Remediation/Fix/Instructions |
|---|---|
| IBM Cloud Pak for Data Version 4.7.0 |
Follow instructions for Installing Watson Assistant in Link to Release (v4.7.0 release information)
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| watson cp4d data stores all versions before | eq | 4.7.0 |
Related
0.001 Low
EPSS
Percentile
48.3%