Lucene search
IBM38F3E48C3A204FB6E33DE14D2E0FB3581F9062842D239B12890BBB69FF209EBDHistorySep 05, 2024 - 9:46 p.m.
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSH
2024-09-0521:46:37
www.ibm.com
8
ibm watson discovery
ibm cloud pak for data
openssh
vulnerability
remote code execution
upgrade
glibc-based linux systems
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
Low
EPSS
0.004
Percentile
73.8%
Summary
IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenSSH
Vulnerability Details
CVEID:CVE-2024-6387
**DESCRIPTION:**OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with root privileges on glibc-based Linux systems.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296064 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP - Discovery | 4.0.0 - 4.8.5 |
| ICP - Discovery | 5.0.0 |
Remediation/Fixes
Strongly encouraged to upgrade to IBM Watson Discovery 4.8.6 or 5.0.1 and <https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
Workarounds and Mitigations
None
Affected configurations
Node
ibmwatson_discoveryMatch4.0.0
ORibmwatson_discoveryMatch4.8.5
ORibmwatson_discoveryMatch5.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | watson_discovery | 4.0.0 | cpe:2.3:a:ibm:watson_discovery:4.0.0:*:*:*:*:*:*:* |
| ibm | watson_discovery | 4.8.5 | cpe:2.3:a:ibm:watson_discovery:4.8.5:*:*:*:*:*:*:* |
| ibm | watson_discovery | 5.0.0 | cpe:2.3:a:ibm:watson_discovery:5.0.0:*:*:*:*:*:*:* |
Related
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-dc89a2e1bf)
2024-09-10 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2184)
2024-08-20 00:00:00
Fedora: Security Advisory (FEDORA-2024-213f33544e)
2024-09-10 00:00:00
ibm
ibm
slackware
slackware
[slackware-security] openssh
2024-07-01 20:31:12
nessus
nessus
SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2024:2275-1)
2024-07-03 00:00:00
RHEL 9 : openssh (RHSA-2024:4340)
2024-07-05 00:00:00
Fedora 39 : openssh (2024-213f33544e)
2024-07-02 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-6387 affecting package openssh for versions less than 8.9p1-6
2024-07-04 13:46:57
CVE-2024-6387 affecting package openssh for versions less than 9.8p1-1
2024-08-25 15:13:42
redhat
redhat
(RHSA-2024:4340) Important: openssh security update
2024-07-05 21:13:39
(RHSA-2024:4389) Important: openssh security update
2024-07-08 21:02:45
(RHSA-2024:4312) Important: openssh security update
2024-07-03 13:57:47
githubexploit
githubexploit
Exploit for Signal Handler Race Condition in Openbsd Openssh
2024-07-02 11:08:40
Exploit for Signal Handler Race Condition in Openbsd Openssh
2024-07-02 03:42:35
Exploit for Signal Handler Race Condition in Openbsd Openssh
2024-07-02 01:08:05
archlinux
archlinux
[ASA-202407-1] openssh: authentication bypass
2024-07-01 00:00:00
gentoo
gentoo
OpenSSH: Remote Code Execution
2024-07-01 00:00:00
mageia
mageia
Updated openssh packages fix security vulnerability
2024-07-03 19:36:28
kaspersky
kaspersky
KLA70445 ACE vulnerability in Microsoft Mariner
2024-07-11 00:00:00
KLA71456 RCE vulnerability in Microsoft Azure
2024-07-11 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: openssh-9.6p1-1.fc40.4
2024-07-02 20:16:57
[SECURITY] Fedora 39 Update: openssh-9.3p1-11.fc39
2024-07-02 18:08:34
freebsd
freebsd
OpenSSH -- Race condition resulting in potential remote code execution
2024-07-01 00:00:00
OpenSSH -- Pre-authentication async signal safety issue
2024-08-06 00:00:00
osv
osv
Important: openssh security update
2024-07-03 00:00:00
openssh vulnerability
2024-07-01 09:06:31
openssh - security update
2024-07-01 00:00:00
virtuozzo
virtuozzo
Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-138)
2024-07-01 00:00:00
Virtuozzo Hybrid Infrastructure 6.1 Update 1.3 (6.1.1-44)
2024-07-01 00:00:00
Virtuozzo Hybrid Infrastructure 6.0 Update 1.8 (6.0.1-98)
2024-07-01 00:00:00
aix
aix
AIX is vulnerable to arbitrary code execution (CVE-2024-6387) due to OpenSSH
2024-07-09 15:29:43
ubuntu
ubuntu
OpenSSH vulnerability
2024-07-01 00:00:00
schneier
schneier
New Open SSH Vulnerability
2024-07-03 15:27:11
mscve
mscve
cloudfoundry
cloudfoundry
USN-6859-1: OpenSSH vulnerability | Cloud Foundry
2024-07-25 00:00:00
paloalto
paloalto
Informational Bulletin: Impact of OpenSSH regreSSHion Vulnerability
2024-07-01 19:30:00
broadcom
broadcom
oraclelinux
oraclelinux
openssh security update
2024-07-04 00:00:00
openssh security update
2024-07-01 00:00:00
wizblog
wizblog
RCE vulnerability in OpenSSH: everything you need to know
2024-07-01 13:49:17
redos
redos
ROS-20240704-01
2024-07-04 00:00:00
almalinux
almalinux
Important: openssh security update
2024-07-03 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0642
2024-07-01 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0307
2024-07-01 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-24:04.openssh
2024-07-01 00:00:00
FreeBSD-SA-24:08.openssh
2024-08-07 00:00:00
nvd
nvd
CVE-2024-6387
2024-07-01 13:15:06
CVE-2024-7589
2024-08-12 13:38:44
alpinelinux
alpinelinux
CVE-2024-6387
2024-07-01 13:15:06
debiancve
debiancve
CVE-2024-7589
2024-08-12 13:38:44
CVE-2024-6387
2024-07-01 13:15:06
vulnrichment
vulnrichment
CVE-2024-7589 OpenSSH pre-authentication async signal safety issue
2024-08-11 03:15:52
CVE-2024-6387 Openssh: regresshion - race condition in ssh allows rce/dos
2024-07-01 12:37:25
trendmicroblog
trendmicroblog
redhatcve
redhatcve
citrix
citrix
Cloud Software Group Security Advisory for CVE-2024-6387
2024-07-04 15:15:05
cvelist
cvelist
CVE-2024-7589 OpenSSH pre-authentication async signal safety issue
2024-08-11 03:15:52
CVE-2024-6387 Openssh: regresshion - race condition in ssh allows rce/dos
2024-07-01 12:37:25
thn
thn
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
2024-07-10 03:26:00
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability
2024-08-12 10:15:00
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
2024-07-01 10:50:00
attackerkb
attackerkb
CVE-2020-14871
2020-10-21 00:00:00
cve
cve
CVE-2024-7589
2024-08-12 13:38:44
CVE-2024-6387
2024-07-01 13:15:06
f5
f5
K000140222: OpenSSH server vulnerability CVE-2024-6387
2024-07-01 00:00:00
K000140768: OpenSSH vulnerability CVE-2024-7589
2024-08-22 00:00:00
ubuntucve
ubuntucve
CVE-2024-7589
2024-08-12 00:00:00
CVE-2024-6387
2024-07-01 00:00:00
cisco
cisco
ics
ics
Siemens Industrial Products
2024-09-12 12:00:00
qualysblog
qualysblog
pentestpartners
pentestpartners
RCE vulnerability in OpenSSH – RegreSSHion (CVE-2024-6387)
2024-07-02 05:31:12
arista
arista
Security Advisory 0100
2024-07-08 00:00:00
hivepro
hivepro
Attacks, Vulnerabilities and Actors 01 to 07 July 2024
2024-07-10 17:49:37
wallarmlab
wallarmlab
zdt
zdt
OpenSSH Server regreSSHion Remote Code Execution Vulnerability
2024-07-02 00:00:00
packetstorm
packetstorm
OpenSSH Server regreSSHion Remote Code Execution
2024-07-01 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
Low
EPSS
0.004
Percentile
73.8%
Related for 38F3E48C3A204FB6E33DE14D2E0FB3581F9062842D239B12890BBB69FF209EBD