Lucene search

K
ibmIBM98283CFA95F6BF8734797F60CE0F1633CDE2F2CFE8B1C29D35562086E63F1486
HistoryMay 26, 2022 - 1:20 a.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSL

2022-05-2601:20:40
www.ibm.com
44
ibm watson discovery
ibm cloud pak for data
openssl
vulnerability
remote attacker
denial of service
certificate
infinite loop
cvss
affected products
version
remediation
upgrade
workarounds
mitigations

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.016

Percentile

87.6%

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenSSL.

Vulnerability Details

CVEID:CVE-2022-0778
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.0.8

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.0.9

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_queryMatch4.0.0
OR
ibmwatson_queryMatch4.0.8
VendorProductVersionCPE
ibmwatson_query4.0.0cpe:2.3:a:ibm:watson_query:4.0.0:*:*:*:*:*:*:*
ibmwatson_query4.0.8cpe:2.3:a:ibm:watson_query:4.0.8:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.016

Percentile

87.6%