Lucene search
IBMC54A64F51ED224A8F7D429251E9F0DA945B243265F5C96506C23B694951F2D16HistoryMar 04, 2021 - 3:24 a.m.
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python
2021-03-0403:24:01
www.ibm.com
28
0.003 Low
EPSS
Percentile
70.0%
Summary
IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python.
Vulnerability Details
CVEID:CVE-2020-26116
**DESCRIPTION:**Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the first argument of HTTPConnection.request, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP - Discovery | 2.0.0-2.2.0 |
Remediation/Fixes
Upgrade to IBM Watson Discovery 2.2.1
<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| watson discovery | eq | 2.0.0 | |
| watson discovery | eq | 2.2.0 |
Related
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Python vulnerability (USN-4581-1)
2020-10-14 00:00:00
Photon OS 2.0: Python3 PHSA-2020-2.0-0289
2020-10-16 00:00:00
Fedora 32 : python27 (2020-887d3fa26f)
2020-10-19 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32
2020-11-17 01:14:12
[SECURITY] Fedora 33 Update: python2.7-2.7.18-6.fc33
2020-10-05 16:36:13
[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32
2020-10-16 15:21:26
debiancve
debiancve
CVE-2020-26116
2020-09-27 04:15:11
CVE-2020-26137
2020-09-30 18:15:26
ibm
ibm
osv
osv
http.client: HTTP Header Injection in the HTTP method
2020-09-27 00:00:00
CVE-2020-26116
2020-09-27 04:15:11
BIT-python-2020-26116
2024-03-06 11:07:36
openvas
openvas
cvelist
cvelist
CVE-2020-26116
2020-09-27 00:00:00
CVE-2020-26137
2020-09-29 00:00:00
prion
prion
Crlf injection
2020-09-27 04:15:00
Crlf injection
2020-09-30 18:15:00
suse
suse
Security update for python (moderate)
2020-11-07 00:00:00
Security update for python (moderate)
2020-11-21 00:00:00
Security update for python3 (important)
2020-12-26 00:00:00
cloudfoundry
cloudfoundry
USN-4581-1: Python vulnerability | Cloud Foundry
2020-11-19 00:00:00
ubuntucve
ubuntucve
CVE-2020-26116
2020-09-27 00:00:00
CVE-2020-26137
2020-09-30 00:00:00
veracode
veracode
CRLF Injection
2020-10-18 01:59:16
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0289
2020-10-14 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0332
2020-10-14 00:00:00
Important Photon OS Security Update - PHSA-2020-0332
2020-10-14 00:00:00
cve
cve
CVE-2020-26116
2020-09-27 04:15:11
CVE-2020-26137
2020-09-30 18:15:26
ubuntu
ubuntu
Python vulnerability
2020-10-14 00:00:00
Python vulnerabilities
2021-03-12 00:00:00
amazon
amazon
Medium: python27, python34, python35
2020-11-16 17:59:00
Medium: python
2021-06-16 20:37:00
Medium: python3
2021-06-16 20:37:00
redhat
redhat
(RHSA-2021:3366) Moderate: python3 security update
2021-08-31 08:21:02
(RHSA-2021:1879) Moderate: python38:3.8 security update
2021-05-18 06:18:31
(RHSA-2022:5235) Moderate: python security update
2022-06-28 07:52:39
cbl_mariner
cbl_mariner
CVE-2020-26116 affecting package python3 3.7.7-2
2021-07-08 21:56:42
redhatcve
redhatcve
CVE-2020-26116
2020-10-02 02:06:52
nvd
nvd
CVE-2020-26116
2020-09-27 04:15:11
CVE-2020-26137
2020-09-30 18:15:26
hackerone
hackerone
Ruby: 'net/http': HTTP Header Injection in the set_content_type method
2021-04-19 09:25:39
f5
f5
K000133759 : Python vulnerability CVE-2020-26116
2023-05-08 00:00:00
K000133547 : Python urllib3 vulnerability CVE-2020-26137
2023-04-18 00:00:00
github
github
CRLF injection in urllib3
2021-06-18 18:46:43
alpinelinux
alpinelinux
CVE-2020-26137
2020-09-30 18:15:26
gentoo
gentoo
Python: Multiple vulnerabilities
2021-01-24 00:00:00
debian
debian
[SECURITY] [DLA 2456-1] python3.5 security update
2020-11-19 03:44:14
[SECURITY] [DLA 3610-1] python-urllib3 security update
2023-10-08 11:06:20
almalinux
almalinux
Moderate: python38:3.8 security update
2021-05-18 06:18:31
Moderate: python3 security update
2021-05-18 05:42:46
Moderate: python27:2.7 security and bug fix update
2021-05-18 06:02:07
oraclelinux
oraclelinux
python38:3.8 security update
2021-05-25 00:00:00
python security update
2022-07-02 00:00:00
python27:2.7 security and bug fix update
2021-05-25 00:00:00
rocky
rocky
python38:3.8 security update
2021-05-18 06:18:31
python27:2.7 security and bug fix update
2021-05-18 06:02:07
centos
centos
python, tkinter security update
2022-08-02 19:15:12
cloudlinux
cloudlinux
Fix of CVE: CVE-2018-20852, CVE-2020-8492, CVE-2020-26116, CVE-2020-27619
2021-09-23 12:55:16
Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619
2021-10-05 14:07:59
mageia
mageia
Updated python and python3 packages fix security vulnerabilities
2020-12-08 13:40:32
archlinux
archlinux
[ASA-202103-27] python2: multiple issues
2021-03-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2203
2023-08-01 12:58:39
0.003 Low
EPSS
Percentile
70.0%
Related for C54A64F51ED224A8F7D429251E9F0DA945B243265F5C96506C23B694951F2D16