Dec 16, 2020 - 7:02 p.m.

Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

www.ibm.com

EPSS: 0.918 (Percentile: 99.0%)

Summary

Apache Tomcat vulnerabilities, listed below, affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2).

Vulnerability Details

CVEID: CVE-2020-9484
**DESCRIPTION:** Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when the server is configured to use the PersistenceManager with a FileStore. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182231 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Watson Speech Services for Cloud Pak for Data | 1.2 |

Remediation/Fixes

Download and install the newest deployment of IBM Watson Speech Services for Cloud Pak for Data 1.2 to your cluster. This deployment includes Tomcat v9.0.38, or higher, which contains the latest fixes for the issues described above.
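
To confirm whether a given Tomcat instance matches the condition in the description, the following added example (not IBM's or Apache's code) checks a context or server XML file for a session manager backed by a FileStore and compares the reported Tomcat version against the 9.0.38 level named above. The sample XML, the banner strings and the status labels are constructed for illustration; the class names are Tomcat's own manager and store implementations.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (9, 0, 38)  # Tomcat level the bulletin says the fixed deployment includes
MANAGER = "org.apache.catalina.session.PersistentManager"
FILESTORE = "org.apache.catalina.session.FileStore"

# Constructed sample: a context.xml that enables file-backed session persistence.
SAMPLE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""

def uses_filestore_persistence(xml_text):
    """True if any <Manager> is a PersistentManager with a nested FileStore."""
    root = ET.fromstring(xml_text)
    for manager in root.iter("Manager"):
        if manager.get("className") != MANAGER:
            continue
        if any(s.get("className") == FILESTORE for s in manager.iter("Store")):
            return True
    return False

def parse_version(banner):
    """Extract (major, minor, patch) from text such as 'Apache Tomcat/9.0.35'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not match:
        raise ValueError(f"no version number in {banner!r}")
    return tuple(int(part) for part in match.groups())

def assess(xml_text, banner):
    """Classify one instance; labels are this example's own, not IBM's."""
    version = parse_version(banner)
    if version[:2] != FIXED[:2]:
        return "other-branch"   # the bulletin only names a 9.0.x level
    if version >= FIXED:
        return "fixed"
    if uses_filestore_persistence(xml_text):
        return "exposed"        # old version and the FileStore precondition present
    return "upgrade"            # old version, precondition not configured

if __name__ == "__main__":
    print(assess(SAMPLE_CONTEXT, "Apache Tomcat/9.0.35"))
```
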

Workarounds and Mitigations

None