Lucene search

K
ibmIBM8B9021F9A7F8F5963D6BAFFB593C2C3325C588F3D88199896328581F1389D466
HistorySep 27, 2023 - 9:13 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Certifi

2023-09-2721:13:32
www.ibm.com
15
ibm watson discovery
ibm cloud pak for data
certifi
cve-2023-37920
vulnerability
e-tugra
cvss
upgrade

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

24.8%

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Certifi.

Vulnerability Details

CVEID:CVE-2023-37920
**DESCRIPTION:**An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery

4.0.0-4.7.1

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.7.3

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_queryMatch4.0.0
OR
ibmwatson_queryMatch4.7.1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

24.8%