Lucene search

K
ibmIBMA575794F0C356D695CBCDBD7EF6EDCE45426BD5B6E3A33BD084AB41B7337280E
HistoryJun 16, 2021 - 7:39 a.m.

Security Bulletin: IBM Waston Machine Learning Acclerator is affected by an OpenSSL 1.0.2k vulnerability

2021-06-1607:39:04
www.ibm.com
7

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

70.5%

Summary

There is a vulnerability in OpenSSL 1.0.2k used by IBM Watson Machine Learning Accelerator. IBM Watson Machine Learning Accelerator has addressed the applicable CVE: CVE-2020-1968.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Machine Learning Accelerator

1.2.1

1.2.2

Remediation/Fixes

Product(s) |

Version(s)

|

APAR

|

Remediation/First Fix

—|—|—|—

IBM Watson Machine Learning Accelerator

|

1.2.1

1.2.2

|

None

|

Upgrade Watson Machine Learning Accelerator to the latest version 1.2.3 by following IBM docs <https://www.ibm.com/docs/en/wmla&gt;

If the current version is 1.2.2, upgrade it to the version 1.2.3.

If the current version is 1.2.1, upgrade it to the version 1.2.2 first, then upgrade from the version 1.2.2 to the version 1.2.3.

WMLA1.2.3 already covers this CVE.

Workarounds and Mitigations

None

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

70.5%

Related for A575794F0C356D695CBCDBD7EF6EDCE45426BD5B6E3A33BD084AB41B7337280E