IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python Cryptographic Authority cryptography.
CVEID:CVE-2023-38325
**DESCRIPTION:**Python Cryptographic Authority cryptography could provide weaker than expected security, caused by an encoding mismatch regarding critical options with OpenSSH. An attacker could exploit this vulnerability to launch further attacks on the system
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260859 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
Watson Discovery | 4.0.0-4.7.1 |
Upgrade to IBM Watson Discovery 4.7.3
<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm watson discovery | eq | 4.0.0 | |
ibm watson discovery | eq | 4.7.1 |