CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
71.8%
Watson Gateway is an internal component, it does not expose any APIs externally. If a remote attacker gained access to the internal CP4D cluster, they could exploit this potential vulnerability to execute arbitrary code on the system or cause a denial of service.
CVEID:CVE-2023-0286
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Watson AI Gateway for Cloud Pak for Data | Gateway Operator:1.0.16 |
Watson AI Gateway is an internal dependency to Watson Services for Cloud Pak for Data. See the Service documentation at:
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x>
A fix for this has been put into Gateway Core v3.10.4
It will be included in the next release of the Gateway Operator: 1.0.17 in the 4.6.5 Cloud Pak for Data releases.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | watson_developer_cloud | 4.6.0 | cpe:2.3:a:ibm:watson_developer_cloud:4.6.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
71.8%