IBMCC7CF135C46BFEF204E65CC6AC73C3D709751B161660A8AA0F77F324DCA79D7CSecurity Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Tensorflow
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
AI Score
Confidence
High
Summary
IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Tensorflow
Vulnerability Details
CVEID:CVE-2023-30767
**DESCRIPTION:**Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper bounds checking. An attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282998 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP - Discovery | 4.0.0 - 4.8.6 |
| ICP - Discovery | 5.0.0 - 5.0.2 |
Remediation/Fixes
Upgrade to IBM Watson Discovery 4.8.7/5.0.3 and <https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | watson_discovery | 4.0.0 | cpe:2.3:a:ibm:watson_discovery:4.0.0:*:*:*:*:*:*:* |
| ibm | watson_discovery | 5.0.0 | cpe:2.3:a:ibm:watson_discovery:5.0.0:*:*:*:*:*:*:* |
| ibm | watson_discovery | 4.8.6 | cpe:2.3:a:ibm:watson_discovery:4.8.6:*:*:*:*:*:*:* |
| ibm | watson_discovery | 5.0.2 | cpe:2.3:a:ibm:watson_discovery:5.0.2:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
AI Score
Confidence
High