Lucene search

IBM0947A467F149411F5A737E1AD20967E441ABD5EA2D9B0D3D50EEA147D4326416

HistoryNov 30, 2021 - 4:27 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Axios

2021-11-3016:27:03

www.ibm.com

0.019 Low

EPSS

Percentile

88.6%

JSON

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Axios.

Vulnerability Details

CVEID:CVE-2021-3749
**DESCRIPTION:**axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause an application to consume an excessive amount of CPU.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208438 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Watson Discovery	4.0.0-4.0.2
Watson Discovery	2.0.0-2.2.1

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.0.3

Upgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-5

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>

<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>

Workarounds and Mitigations

None

CPENameOperatorVersion
watson discoveryeq4.0.0
watson discoveryeq4.0.2
watson discoveryeq2.0.0
watson discoveryeq2.2.1

Name	Operator	Version
watson discovery	eq	4.0.0
watson discovery	eq	4.0.2
watson discovery	eq	2.0.0
watson discovery	eq	2.2.1

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for 0947A467F149411F5A737E1AD20967E441ABD5EA2D9B0D3D50EEA147D4326416