Watson Machine Learning Accelerator is affected by multiple json4j CVEs (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541, CVE-2022-45690, CVE-2022-46175, CVE-2022-4742). We fixed by removing json4j.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
Watson Machine Learning Accelerator on Cloud Pak for Data | All |
Watson Machine Learning Accelerator version 3.1.0 and above fixed json4j CVEs by replacing json4j.
1. For Watson Machine Learning Accelerator version 2.4.x, 2.5.0, 2.6.0, 3.0.0
Follow <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=accelerator-upgrading> to upgrade from WMLA 2.4.x/2.5.0/2.6.0/3.0.0 to WMLA 3.1.0 or above version.
2. For Watson Machine Learning Accelerator version 2.3.x
To address the affected version, first upgrade to IBM Watson Machine Learning Accelerator 2.3.5 by following the document <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade>
Then upgrade from WMLA 2.3.5 to WMLA 3.1.0 or above version following <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=accelerator-upgrading>
3. For Watson Machine Learning Accelerator version 2.2.x
To address the affected version
a. upgrade to IBM Watson Machine Learning Accelerator 2.2.6 by following the document <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=accelerator-upgrading-watson-machine-learning>
b. upgrade from IBM Watson Machine Learning Accelerator 2.2.6 to IBM Watson Machine Learning Accelerator 2.3.1 following <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade>
c. upgrade all the way to IBM Watson Machine Learning Accelerator 2.3.5 following <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade>
d. upgrade from WMLA 2.3.5 to WMLA 3.1.0 or above version following <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=accelerator-upgrading>
None
CPE | Name | Operator | Version |
---|---|---|---|
watson machine learning accelerator on cloud pak for data | eq | any |