Lucene search

IBM9319F8254345FEC31C4FC2068E9B5944E180A1C486DA83C21116F20DFC707095

HistoryNov 29, 2023 - 2:47 p.m.

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress

2023-11-2914:47:06

www.ibm.com

ibm watson discovery cartridge

ibm cloud pak for data

vulnerability

apache commons compress

denial of service

upgrade

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.2%

JSON

Summary

IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress.

Vulnerability Details

CVEID:CVE-2023-42503
**DESCRIPTION:**Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted TAR file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266096 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Watson Discovery	4.0.0-4.7.3

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.0

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm watson discoveryeq4.0.0
ibm watson discoveryeq4.7.3

CPE	Name	Operator	Version
	ibm watson discovery	eq	4.0.0
	ibm watson discovery	eq	4.7.3

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for 9319F8254345FEC31C4FC2068E9B5944E180A1C486DA83C21116F20DFC707095