Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27024 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to ...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in wheel-0.45.1-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in wheel-0.45.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in brace-expansion-1.1.12.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in brace-expansion-1.1.12.tgz Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, ...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.42.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.42.jar Vulnerability Details CVEID:CVE-2025-55752 DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl
Summary IBM Watson Discovery Cartridge contains a vulnerable version of urllib3-1.26.20-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in eslint-config-prettier
Summary IBM Watson Discovery Cartridge contains a vulnerable version of eslint-config-prettier Vulnerability Details CVEID:CVE-2025-54313 DESCRIPTION: eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.35.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.35.jar Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-1.4.4-lts.1.tgz
Summary IBM Watson Discovery Cartridge contains a vulnerable version of multer-1.4.4-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in runtime-7.22.3.tgz
Summary IBM Watson Discovery Cartridge contains a vulnerable version of runtime-7.22.3.tgz Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in http-proxy-middleware-2.0.7.tgz
Summary IBM Watson Discovery Cartridge contains a vulnerable version of http-proxy-middleware-2.0.7.tgz Vulnerability Details CVEID:CVE-2025-32997 DESCRIPTION: In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. CWE:CWE-754: Improper...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.8
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.2.8 Vulnerability Details CVEID:CVE-2024-39908 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially crafted request...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Express.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Express.js Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.17 and earlier
Summary This fix upgrades to WebSphere Liberty 24.0.0.6, socket.io 3.0.2, and grpc-js 1.8.22. WebSphere Liberty is used by the IBM Answer Retrieval for Watson Discovery swagger microservice. Socket.io and grpc-js are used by the IBM Answer Retrieval for Watson Discovery user interfaces for...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.15 and earlier
Summary This fix upgrades to Node.js 18.19.1. Node.js is used by all IBM Answer Retrieval for Watson Discovery user interfaces. There are two categories of vulnerabilities addressed. The first allows remote attackers to gain access to the system, bypassing security restrictions. The second makes...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Derby
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Derby. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier
Summary This fix upgrades to node 18.19.0. Vulnerability Details CVEID:CVE-2023-39332 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass using non-Buffer Uint8Array objects. By sending a specially crafted request, an attacker coul...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python Cryptographic Authority cryptography
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python Cryptographic Authority cryptography. Vulnerability Details CVEID:CVE-2023-38325 DESCRIPTION: Python Cryptographic Authority cryptography could provide weaker than expected security, caused b...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Okio GzipSource
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Okio GzipSource. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffe...