Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC584062FF02196D3513361FBB98104F5FA7514B1ABD5ECCA55D19C8B859E090E
HistoryDec 16, 2020 - 5:55 p.m.

Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

2020-12-1617:55:27
www.ibm.com
9

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

JSON

Summary

Spring Framework vulnerabilities, listed below, affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

Vulnerability Details

CVEID:CVE-2020-5421
**DESCRIPTION:**VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path parameter, an attacker could exploit this vulnerability to bypass RFD Protection.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Speech Services for Cloud Pak for Data 1.2

Remediation/Fixes

Download and install the newest deployment of IBM Watson Speech Services for Cloud Pak for Data 1.2 to your cluster. This deployment includes Spring Framework 5.2.9, or higher, which contains the latest fixes for the issues described above.

Workarounds and Mitigations

None

Related

ibm 18
nessus 3
veracode 1
github 1
osv 2
ubuntucve 1
githubexploit 1
debiancve 1
cve 1
redhatcve 1
prion 1
redhat 1
oracle 7
ibm
ibm
Security Bulletin: Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-5421)
2021-01-27 00:09:26
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring
2021-02-27 03:38:50
Security Bulletin: A Vulnerability in Spring Framework affects IBM License Key Server Administration and Reporting Tool
2020-12-30 15:34:28
nessus
nessus
Oracle Primavera P6 Enterprise Project Portfolio Management (Jan 2021 CPU)
2021-01-22 00:00:00
Oracle Primavera Gateway (Jan 2021 CPU)
2021-01-20 00:00:00
Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU)
2021-01-28 00:00:00
veracode
veracode
Reflected File Download (RFD) Attack
2020-09-18 08:14:19
github
github
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
osv
osv
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
CVE-2020-5421
2020-09-19 04:15:11
ubuntucve
ubuntucve
CVE-2020-5421
2020-09-19 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Pivotal Software Spring Framework
2021-01-10 12:26:00
debiancve
debiancve
CVE-2020-5421
2020-09-19 04:15:00
cve
cve
CVE-2020-5421
2020-09-19 04:15:00
redhatcve
redhatcve
CVE-2020-5421
2020-09-21 16:59:07
prion
prion
Design/Logic Flaw
2020-09-19 04:15:00
redhat
redhat
(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update
2021-08-11 18:18:10
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

JSON
Related for C584062FF02196D3513361FBB98104F5FA7514B1ABD5ECCA55D19C8B859E090E
ibm18nessus3veracode1github1osv2ubuntucve1githubexploit1debiancve1cve1redhatcve1prion1redhat1oracle7