5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.6%
A vulnerability exists in the Bouncy Castle version used by IBM Watson Machine Learning Accelerator. Bouncy Castle upgrade to version 1.69 which resolves these vulnerabilities, is available on IBM Fix Central.
CVEID:CVE-2020-15522
**DESCRIPTION:**Bouncy Castle BC Java, BC C# .NET, BC-FJA, BC-FNA could allow a remote attacker to obtain sensitive information, caused by a timing issue within the EC math library. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Machine Learning Accelerator | 1.2.1, 1.2.2, 1.2.3, 2.2.x, 2.3.0, 2.3.1 |
For 2.x.x version, Fixed in IBM Watson Machine Learning Accelerator 2.3.1, please reference the upgrade section in <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=accelerator-upgrading-watson-machine-learning>
For 1.x.x version,
Download IBM interim fix dli-1.2.3-build600543-wmla from the following location <http://www.ibm.com/eserver/support/fixes/>.
Follow the instructions in the downloaded README file to apply the IBM interim fix dli-1.2.3-build600543-wmla to the IBM Watson Machine Learning Accelerator version 1.2.3.
Note:
For IBM Watson Machine Learning Accelerator version 1.2.1 and 1.2.2, follow the IBM Docs <https://www.ibm.com/docs/en/wmla> to upgrade to version 1.2.3, then apply the IBM interim fix dli-1.2.3-build600543-wmla.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm powerai enterprise | eq | 1.2.1 | |
ibm powerai enterprise | eq | 1.2.2 | |
ibm powerai enterprise | eq | 1.2.3 | |
ibm powerai enterprise | eq | 2. | |
ibm powerai enterprise | eq | . |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.6%