Potential Golang Go denial of service vulnerability ( CVE-2022-41724) has been identified that may affect Watson CP4D Data Stores Refer to details for additional information.
CVEID:CVE-2022-41724
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248257 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Watson CP4D Data Stores | All |
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.7.0 or later releases) release of IBM Cloud Pak for Data which maintains backward compatibility with previous versions.
Product Latest Version | Remediation/Fix/Instructions |
---|---|
IBM Cloud Pak for Data Version 4.7.0 |
Follow instructions for Version Update (v4.7.0 release information)
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm watson developer cloud | eq | 4.7.0 | |
ibm watson developer cloud | eq | 4.7. |