IBMB12C4842AE790FD2C7AD44B9B6E210F4A55653050EF2711EE20FEC5467D82AA2Security Bulletin: Watson CP4D Data Stores is vulnerable to Golang Go to a denial of service (CVE-2022-1962)
0.001 Low
EPSS
Percentile
26.5%
Summary
Potential Golang Go to a denial of service vulnerability (CVE-2022-1962) has been identified that may affect Watson CP4D Data Stores Refer to details for additional information.
Vulnerability Details
CVEID:CVE-2022-1962
**DESCRIPTION:*Golang Go is vulnerable to a denial of service, caused by a stack exhaustion flaw in all Parse functions. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232543 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Watson CP4D Data Stores |
All versions before 4.7.0
Remediation/Fixes
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.7.0 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.
| Product Latest Version | Remediation/Fix/Instructions |
|---|---|
| IBM Cloud Pak for Data Version 4.7.0 |
Follow instructions for Installing Watson Assistant in Link to Release (v4.7.0 release information)
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x>
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
26.5%