Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB880BD2BCB4C8FBFF764F46F4F0228D1B20524FF291C08FD0C5EDC76EE4A2E19
HistoryAug 07, 2023 - 6:13 a.m.

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to JetBrains Kotlin weak security [CVE-2022-24329]

2023-08-0706:13:48
www.ibm.com
15
ibm openpages
ibm cloud pak
data vulnerability
jetbrains kotlin
remote attacks

0.001 Low

EPSS

Percentile

32.7%

JSON

Summary

There is a vulnerability in the JetBrains Kotlin open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed.

Vulnerability Details

CVEID:CVE-2022-24329
**DESCRIPTION:**JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220617 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM OpenPages for IBM Cloud Pak for Data 4.0.x

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

If you are using IBM OpenPages for IBM Cloud Pak for Data 8.203.x and 8.204.x you will need to upgrade to

1. IBM Cloud Pak for Data Version 4.5or later** **

2. IBM OpenPages for IBM Cloud Pak for Data 8.300.0or later** **

Upgrade installation instructions are provided at the URL listed below:

https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=openpages-upgrading

Workarounds and Mitigations

None

Related

redhatcve 1
osv 1
cvelist 1
cve 1
prion 1
debiancve 1
ibm 9
ubuntucve 1
veracode 1
github 1
nessus 2
jetbrains 1
oracle 5
redhatcve
redhatcve
CVE-2022-24329
2022-04-11 19:55:44
osv
osv
Improper Locking in JetBrains Kotlin
2022-02-26 00:00:43
cvelist
cvelist
CVE-2022-24329
2022-02-25 14:35:03
cve
cve
CVE-2022-24329
2022-02-25 15:15:00
prion
prion
Code injection
2022-02-25 15:15:00
debiancve
debiancve
CVE-2022-24329
2022-02-25 15:15:00
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Kotlin
2022-04-27 14:53:48
Security Bulletin: IBM MQ Blockchain bridge is vulnerable to an issue within fabric gateway (CVE-2022-24329)
2022-09-27 13:13:18
Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOPs
2022-10-03 18:44:01
ubuntucve
ubuntucve
CVE-2022-24329
2022-02-25 00:00:00
veracode
veracode
Improper Dependency Locking
2022-10-21 12:20:51
github
github
Improper Locking in JetBrains Kotlin
2022-02-26 00:00:43
nessus
nessus
Oracle Access Manager (Apr 2024 CPU)
2024-04-19 00:00:00
Oracle Business Intelligence Publisher (OAS) (Jan 2023 CPU)
2023-01-24 00:00:00
jetbrains
jetbrains
JetBrains Security Bulletin Q4 2021
2022-02-08 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

0.001 Low

EPSS

Percentile

32.7%

JSON
Related for B880BD2BCB4C8FBFF764F46F4F0228D1B20524FF291C08FD0C5EDC76EE4A2E19
redhatcve1osv1cvelist1cve1prion1debiancve1ibm9ubuntucve1veracode1github1nessus2jetbrains1oracle5