Lucene search

K
ibmIBM84AE2D09BD376161DA1BD23BA31760B9409103B447D6B685BB91E8FF3A5141BC
HistoryAug 29, 2024 - 6:58 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in werkzeug

2024-08-2918:58:10
www.ibm.com
7
ibm watson discovery
ibm cloud pak for data
vulnerability
werkzeug
code execution
upgrade
mitigation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of werkzeug

Vulnerability Details

**CVEID:**CVE-2024-34069 DESCRIPTION: Pallets Werkzeug could allow a remote attacker to execute arbitrary code on the system, caused by improper usage of a pathname and improper CSRF protection in the debugger. By persuading a victim to interact with a domain and subdomain they control, enter the debugger PIN and guess a URL in the developer’s application that will trigger the debugger, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290009 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
ICP - Discovery 4.0.0-4.8.5
ICP - Discovery 5.0.0

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.6 or 5.0.1

https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_discoveryMatch4.0.0
OR
ibmwatson_discoveryMatch4.8.5
OR
ibmwatson_discoveryMatch5.0.0
VendorProductVersionCPE
ibmwatson_discovery4.0.0cpe:2.3:a:ibm:watson_discovery:4.0.0:*:*:*:*:*:*:*
ibmwatson_discovery4.8.5cpe:2.3:a:ibm:watson_discovery:4.8.5:*:*:*:*:*:*:*
ibmwatson_discovery5.0.0cpe:2.3:a:ibm:watson_discovery:5.0.0:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High