16 matches found
Security Bulletin: IBM Cloud Pak for Data has a vulnerable base OS image due to kernel-headers ( CVE-2022-1012, CVE-2022-32250 )
Summary Kernel-headers used by IBM Cloud Pak for Data as part of the base OS image. CVE-2022-1012, CVE-2022-32250. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to expose sensitive information due to RubyGems activesupport ( CVE-2023-38037 )
Summary RubyGems activesupport is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-38037. Vulnerability Details CVEID:CVE-2023-38037 DESCRIPTION: RubyGems activesupport gemcould allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to regular expression denial of service due to Rack ( CVE-2023-27539 )
Summary Rack is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-27539. Vulnerability Details CVEID:CVE-2023-27539 DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the header parsing component. By sending a...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js semver ( CVE-2022-25883 )
Summary Node.js semver is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25883. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the new Range...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass security restriction due to Node.js undici module ( CVE-2024-30261, CVE-2024-30260 )
Summary Node.js undici module is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-30261, CVE-2024-30260. Vulnerability Details CVEID:CVE-2024-30261 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to xml2js ( CVE-2023-0842 )
Summary xml2js is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate incoming JSON keys, allowing the proto...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )
Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to python ( CVE-2022-45061 )
Summary Python is used by IBM Cloud Pak for Data. CVE-2022-45061. Vulnerability Details CVEID:CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder. By sendi...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )
Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )
Summary Passport-saml is used by IBM Cloud Pak for Data for SAML authentication. CVE-2022-39299. Vulnerability Details CVEID:CVE-2022-39299 DESCRIPTION: Node.js passport-saml module could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic...
Security Bulletin: IBM Cloud Pak for Data is vulnerable due to lua-resty (CVE-2024-33531)
Summary Lua is used by IBM Cloud Pak for Data as part of the web interface. CVE-2024-33531 Vulnerability Details CVEID:CVE-2024-33531 DESCRIPTION: lua-resty-jwt could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js - follow-redirects-1.15.4
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js - follow-redirects-1.15.4 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go compiler ( CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 )
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 Vulnerability Details CVEID:CVE-2022-29804 DESCRIPTION: Golang Go could allow a local attacker to bypass security restrictions, caused by a flaw in t...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements when using...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind [CVE-2023-35116]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind, caused by a stack-based overflow CVE-2023-35116. Fasterxml jackson-databind is used in our Speech microservices. This vulnerabilitiy has been addressed. Plea...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL [CVE-2024-0985]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY CVE-2024-0985. PostgreSQL is included as part of the utilities used by our Speech Services...