Lucene search

K
ibmIBMDFDB6EBDEB9B5AF4FFCE2ABE96BD529798AC130193EB8A183EEFD99BB08E29BF
HistorySep 20, 2024 - 9:15 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in setuptools

2024-09-2021:15:54
www.ibm.com
10
ibm watson discovery
ibm cloud pak for data
vulnerability
setuptools
remote code execution
upgrade
icp - discovery
4.8.7
5.0.3

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of setuptools

Vulnerability Details

CVEID:CVE-2024-6345
**DESCRIPTION:**pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the package_index module. By persuading a victim to click a specially crafted URL, an attacker could exploit this vulnerability using its download functions to inject and execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298014 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
ICP - Discovery 4.0.0 - 4.8.6
ICP - Discovery 5.0.0 - 5.0.2

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.7 or 5.0.3 and <https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_discoveryMatch4.0.0
OR
ibmwatson_discoveryMatch4.8.6
OR
ibmwatson_discoveryMatch5.0.0
OR
ibmwatson_discoveryMatch5.0.2
VendorProductVersionCPE
ibmwatson_discovery4.0.0cpe:2.3:a:ibm:watson_discovery:4.0.0:*:*:*:*:*:*:*
ibmwatson_discovery4.8.6cpe:2.3:a:ibm:watson_discovery:4.8.6:*:*:*:*:*:*:*
ibmwatson_discovery5.0.0cpe:2.3:a:ibm:watson_discovery:5.0.0:*:*:*:*:*:*:*
ibmwatson_discovery5.0.2cpe:2.3:a:ibm:watson_discovery:5.0.2:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High