Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 8:32 p.m.65 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.15 and earlier

Summary This fix upgrades to Node.js 18.19.1. Node.js is used by all IBM Answer Retrieval for Watson Discovery user interfaces. There are two categories of vulnerabilities addressed. The first allows remote attackers to gain access to the system, bypassing security restrictions. The second makes...

9.8CVSS8AI score0.03168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/19 6:1 p.m.59 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier

Summary This fix upgrades to node 18.19.0. Vulnerability Details CVEID:CVE-2023-39332 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass using non-Buffer Uint8Array objects. By sending a specially crafted request, an attacker coul...

9.8CVSS7AI score0.01819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/08 10:22 p.m.61 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.12 and earlier

Summary This fix upgrades to node 18.16.1. Vulnerability Details CVEID:CVE-2023-30584 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could...

7.7CVSS7.8AI score0.03906EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 3:24 p.m.42 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.11 and earlier

Summary This fix upgrades to grpc 1.55.1, jersey 2.39.1, jackson 2.15.2, and socket.io 4.6.2. Vulnerability Details CVEID:CVE-2023-31125 DESCRIPTION: Engine.IO is vulnerable to a denial of service, caused by an uncaught exception. By sending a specially crafted HTTP request, a remote authenticate...

7.5CVSS6.8AI score0.01327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 5:24 p.m.52 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.10 and earlier

Summary This fix upgrades to nodejs 14.21.3. Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a...

7.5CVSS6.8AI score0.02209EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/09 6:12 p.m.59 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.9 and earlier

Summary This fix upgrades to socket.io 4.5.4, protobuf-java 3.21.9 and nodejs 14.21.1. Vulnerability Details CVEID:CVE-2022-41940 DESCRIPTION: Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote...

10CVSS8.1AI score0.14024EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/27 3:18 p.m.45 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier

Summary This fix upgrades to Websphere Liberty 22.0.0.10, NodeJs 14.20.1, Jackson 2.14.0-rc1, Protobuf 3.16.3, Apache commons-text 1.10.0 Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header field...

9.8CVSS9.1AI score0.99931EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 6:46 p.m.37 views

Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to HTTP request smuggling due to NodeJS

Summary NodeJS is used by IBM Answer Retrieval for Watson Discovery. The fix upgrades to NodeJS 14.20.0 Vulnerability Details CVEID: CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly check if an IP address ...

8.1CVSS0.9AI score0.77278EPSS
Exploits5Affected Software1
Rows per page
Query Builder