IBM8F0F37B008B39C41AB6C13189211683E74FFCC6508FBA3C4A3CAE681269E2B26Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20921)
Summary
Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20921) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information.
Vulnerability Details
CVEID:CVE-2024-20921
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279734 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Affected Version(s) |
|---|---|
| IBM Watson Assistant for IBM Cloud Pak for Data | 4.0.0 - 4.8.4 |
Remediation/Fixes
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.8.5 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.
| Product Latest Version | Remediation/Fix/Instructions |
|---|---|
| IBM Watson Assistant for IBM Cloud Pak for Data 4.8.5 |
Follow instructions for Installing Watson Assistant in Link to Release (v4.8.5 release information)
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm watson assistant for ibm cloud pak for data | ge | 4.0.0 | |
| ibm watson assistant for ibm cloud pak for data | le | 4.8.4 |
Related
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.9%