5.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE ( CVE-2024-22329, CVE-2023-50312).
CVEID:CVE-2024-22329
**DESCRIPTION:**IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279951 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2023-50312
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/274711 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Explorer DAE Analytical Components |
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
IBM Watson Explorer DAE Foundational Components|
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
IBM Watson Explorer Analytical Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
IBM Watson Explorer Foundational Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
Affected Product | Affected Versions | Fix |
---|---|---|
IBM Watson Explorer DAE Analytical Components |
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
|
Upgrade to Version 12.0.3.15.
See Watson Explorer Version 12.0.3.15 Analytical Components for download information and instructions.
IBM Watson Explorer DAE Foundational Components|
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
|
Upgrade to Version 12.0.3.15.
See Watson Explorer Version 12.0.3.15 Foundational Components for download information and instructions.
IBM Watson Explorer Analytical Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
|
Upgrade to Watson Explorer Analytical Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
IBM Watson Explorer Foundational Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
|
Upgrade to Watson Explorer Foundational Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
None
5.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%