Lucene search
IBM1216BEFCC877765223CE187EEB457AD44E77DE77B9A00DFE2C29DBD67EE87D6CHistoryDec 20, 2019 - 9:29 p.m.
Security Bulletin: Vulnerabilities in Apache Commons Compress affects IBM Watson Studio Local
2019-12-2021:29:29
www.ibm.com
11
0.005 Low
EPSS
Percentile
76.3%
Summary
Vulnerabilities in Apache Commons Compress affects IBM Watson Studio Local
Vulnerability Details
CVEID:CVE-2019-12402
**DESCRIPTION:**The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165956 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Studio - Local | 1.2.3 |
Remediation/Fixes
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| IBM Watson Studio Local | 2.1 | <https://www.ibm.com/software/passportadvantage/pao_customer.html> |
| IBM Cloud Pak for Data | 2.5 | <https://www.ibm.com/software/passportadvantage/pao_customer.html> |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm watson studio local | eq | 1.2.3 |
Related
ibm
ibm
github
github
Denial of Service in Apache Commons Compress
2019-10-11 18:41:08
cvelist
cvelist
CVE-2019-12402
2019-08-29 00:00:00
osv
osv
Denial of Service in Apache Commons Compress
2019-10-11 18:41:08
CVE-2019-12402
2019-08-30 09:15:17
nessus
nessus
Fedora 30 : apache-commons-compress (2019-c96a8d12b0)
2019-10-28 00:00:00
Fedora 31 : apache-commons-compress (2019-da0eac1eb6)
2019-10-28 00:00:00
Oracle WebCenter Portal Multiple Vulnerabilities (Apr 2021 CPU)
2021-04-22 00:00:00
nvd
nvd
CVE-2019-12402
2019-08-30 09:15:17
redhatcve
redhatcve
CVE-2019-12402
2019-12-29 09:46:38
prion
prion
Code injection
2019-08-30 09:15:00
cve
cve
CVE-2019-12402
2019-08-30 09:15:17
openvas
openvas
Fedora Update for apache-commons-compress FEDORA-2019-c96a8d12b0
2019-10-26 00:00:00
Mageia: Security Advisory (MGASA-2020-0001)
2022-01-28 00:00:00
Fedora Update for apache-commons-compress FEDORA-2019-da0eac1eb6
2020-01-09 00:00:00
debiancve
debiancve
CVE-2019-12402
2019-08-30 09:15:17
fedora
fedora
[SECURITY] Fedora 31 Update: apache-commons-compress-1.19-1.fc31
2019-10-26 17:36:33
[SECURITY] Fedora 30 Update: apache-commons-compress-1.19-1.fc30
2019-10-25 17:04:00
veracode
veracode
Denial Of Service (Dos)
2019-08-28 04:19:27
ubuntucve
ubuntucve
CVE-2019-12402
2019-08-30 00:00:00
mageia
mageia
Updated apache-commons-compress- packages fix security vulnerability
2020-01-05 18:37:51
redhat
redhat
(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update
2021-08-11 18:18:10
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
0.005 Low
EPSS
Percentile
76.3%
Related for 1216BEFCC877765223CE187EEB457AD44E77DE77B9A00DFE2C29DBD67EE87D6C