Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache UIMA Java SDK arbitrary code execution vulnerability ( CVE-2023-39913)

Summary Potential Apache UIMA Java SDK arbitrary code execution vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39913...

CVE-2023-39913 Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...

PT-2023-27148 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Apache UIMA Java SDK versions prior to 3.5.0 Description: The issue is related to the deserialization of untrusted data and improper input validation in the Apache UIMA Java SDK. This affects several locations in the code, including the...