Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC85F5633C755A2A3CF7941EFEDA03B1D2B3486A067A6CDAAB2B4CEC2BA3D70AB
HistoryMay 06, 2024 - 10:30 a.m.

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to ETCD logs Information disclosure vulnerabilitiy.(CVE-2023-40694)

2024-05-0610:30:43
www.ibm.com
11
ibm watson cp4d
etcd logs
information disclosure
vulnerability
cve-2023-40694
ibm cloud
data store

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

Summary

Potential ETCD logs Information disclosure vulnerabilitiy CVE-2023-40694 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information.

Vulnerability Details

CVEID:CVE-2023-40694
**DESCRIPTION:**IBM Watson CP4D Data Store stores potentially sensitive information in log files that could be read by a local user.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264838 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Watson CP4D Data Stores 4.0.0 - 4.8.4

Remediation/Fixes

For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest release (v4.8.5 or later releases) of IBM Watson CP4D Data Stores which maintains backward compatibility with the versions listed above.

Product Latest Version Remediation/Fix/Instructions
IBM Watson CP4D Data Stores 4.8.5

Follow instructions for Installing IBM Watson CP4D Data Stores in Link to Release (v4.8.5 release information)

<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_cp4d_data_storesRange4.0.0
OR
ibmwatson_cp4d_data_storesRange4.8.4
VendorProductVersionCPE
ibmwatson_cp4d_data_stores*cpe:2.3:a:ibm:watson_cp4d_data_stores:*:*:*:*:*:*:*:*

Related

cve 1
vulnrichment 1
nvd 1
cvelist 1
cve
cve
CVE-2023-40694
2024-05-07 21:15:08
vulnrichment
vulnrichment
CVE-2023-40694 IBM Watson CP4D Data Stores information disclosure
2024-05-07 21:09:08
nvd
nvd
CVE-2023-40694
2024-05-07 21:15:08
cvelist
cvelist
CVE-2023-40694 IBM Watson CP4D Data Stores information disclosure
2024-05-07 21:09:08

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for C85F5633C755A2A3CF7941EFEDA03B1D2B3486A067A6CDAAB2B4CEC2BA3D70AB
cve1vulnrichment1nvd1cvelist1