IBM72CDC261AECEA880E92627AC3C26FEE01FA99C94977EAB650A93D05162A51E7FSecurity Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Derby
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
62.2%
Summary
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Derby. This bulletin identifies the steps to take to address the vulnerability.
Vulnerability Details
CVEID:CVE-2022-46337
**DESCRIPTION:**Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticator. By sending a specially crafted request, an attacker could exploit this vulnerability to view and corrupt sensitive data and run sensitive database functions and procedures.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271915 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Watson Discovery | 4.0.0-4.8.0 |
Remediation/Fixes
Upgrade to IBM Watson Discovery 4.8.2
<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
62.2%