7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
23.4%
TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D
CVEID:CVE-2021-29547
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by heap out-of-bounds in QuantizedBatchNormWithGlobalNormalization
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201963 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29560
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in RaggedTensorToTensor
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201987 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29522
**DESCRIPTION:*TensorFlow is vulnerable to a denial of service, caused by a division by zero in the implementation of the tf.raw_ops.Conv3DBackprop operations. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202031 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29564
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in EditDistance
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201983 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29568
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by binding to NULL pointer in tf.raw_ops.ParameterizedTruncatedNormal
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201979 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29542
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in StringNGrams
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201967 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29526
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a division by zero in the implementation of tf.raw_ops.Conv2D. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202035 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29539
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a Segfault in ‘tf.raw_ops.ImmutableConst’. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201971 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29543
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK
-fail in CTCGreedyDecoder
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201966 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29520
**DESCRIPTION:*TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the implementation of tf.raw_ops.Conv3DBackprop operations. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29525
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a division by zero in the implementation of tf.raw_ops.Conv2DBackpropInput. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29546
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by division by zero in QuantizedBiasAdd
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201962 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29561
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK
-fail in LoadAndRemapMatrix
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201986 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29521
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segmentation fault in the implementation of tf.raw_ops.SparseCountSparseOutput. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202030 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29565
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in SparseFillEmptyRows
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201982 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29548
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by division by zero in QuantizedBatchNormWithGlobalNormalization
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201961 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29562
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK
-fail in tf.raw_ops.IRFFT
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201985 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29566
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by the Heap OOB access in Dilation2DBackpropInput
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201981 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29540
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in Conv2DBackpropFilter
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201970 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29528
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a division by zero in the implementation of tf.raw_ops.QuantizedMul. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202037 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29544
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK
-fail in QuantizeAndDequantizeV4Grad
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201965 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29519
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK-failure in the API of tf.raw_ops.SparseCross. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202028 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29524
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a division by zero in the implementation of tf.raw_ops.Conv2DBackpropFilter. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202033 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29541
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in StringNGrams
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201968 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29527
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a division by zero in the implementation of tf.raw_ops.QuantizedConv2D. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202036 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29545
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in SparseTensorToCSRSparseMatrix
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201964 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29559
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a Heap OOB access in unicode ops. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201989 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29523
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK-fail in the implementation of tf.raw_ops.AddManySparseToTensorsMap. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202032 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29563
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK
-fail in tf.raw_ops.RFFT
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201984 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-29567
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by the lack of validation in SparseDenseCwiseMul
. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201980 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Machine Learning on CP4D | 2.5,3.0,3.5,4.0 |
Fix is available on IBM Watson Machine Learning on CP4D 4.0.1
See : <https://www.ibm.com/support/producthub/icpdata/docs/content/SSQNUZ_latest/cpd/overview/whats-new.html#whats-new>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm watson machine learning | eq | 4.0.1 |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
23.4%