IBMB341E573E872B75A36AB3553C656C7063783AB43D13D92B1C8923E08E3A811CBSecurity Bulletin: Weakness in generated service credentials affects multiple Watson Developer Cloud services (CVE-2016-0391)
0.006 Low
EPSS
Percentile
79.3%
Summary
A weakness in generated service credentials that affects multiple Watson Developer Cloud offered through IBM Bluemix has been identified and fixed. Replacement of previously generated credentials is recommended.
Vulnerability Details
CVEID: CVE-2016-0391 DESCRIPTION: Multiple Watson Developer Cloud services offered through IBM Bluemix have provided generated credentials for service authentication where a portion of the credentials for a service instance use insufficient randomness and are therefore subject to potential compromise by cryptanalysis and/or brute force attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112560> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
The following Watson Developer Cloud Services on Bluemix are affected:
- Concept Expansion
- Concept Insights
- Dialog
- Document Conversion
- Language Translation
- Natural Language Classifier
- Personality Insights
- Relationship Extraction
- Retrieve and Rank
- Speech to Text
- Text to Speech
- Tone Analyzer
- Tradeoff Analytics
- Visual Insights
- Visual Recognition
Remediation/Fixes
Replacement of previously generated credentials is recommended. Instructions can be found here.
Workarounds and Mitigations
None.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm watson developer cloud | eq | any |
Related
0.006 Low
EPSS
Percentile
79.3%