IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tika.
CVEID:CVE-2020-9489
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an out of memory error and infinite loop flaw in the ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180712 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2020-1951
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an error in the PSDParser. By persuading a victim to open a specially-crafted PSD file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178089 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2020-1950
**DESCRIPTION:**Apache Tika is vulnerable to a denial of service, caused by an excessive memory usage flaw in the PSDParser. By persuading a victim to open a specially-crafted PSD file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178088 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
ICP - Discovery | 2.0.0-2.1.2 |
Upgrade to IBM Watson Discovery 2.1.3
<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
None
CPE | Name | Operator | Version |
---|---|---|---|
watson discovery | eq | 2.0.0 | |
watson discovery | eq | 2.1.2 |