Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5A03ACC4EE458E72F2B6F1603F33343C1261EA5F582F33564953834DA6DF543A
HistoryNov 30, 2022 - 10:23 a.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ansible

2022-11-3010:23:12
www.ibm.com
12
ibm watson discovery
ibm cloud pak for data
ansible vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

32.4%

JSON

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ansible.

Vulnerability Details

CVEID:CVE-2021-4041
**DESCRIPTION:**Ansible Runner could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper shell escaping of the shell command. By sending a specially-crafted request using the ansible_runner.interface.run_command, an attacker could exploit this vulnerability to execute arbitrary code on the host system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234439 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.5.3

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.6.0

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_discoveryMatch4.0.0
OR
ibmwatson_discoveryMatch4.5.3

Related

osv 3
redhat 1
prion 1
ibm 3
cve 1
nvd 1
ubuntucve 1
nessus 1
cvelist 1
github 1
redhatcve 1
debiancve 1
veracode 1
osv
osv
ansible-runner vulnerable to shell command injection
2022-08-25 00:00:27
CVE-2021-4041
2022-08-24 16:15:09
PYSEC-2022-253
2022-08-24 16:15:00
redhat
redhat
(RHSA-2022:0108) Moderate: ansible-runner security and bug fix update
2022-01-11 20:49:29
prion
prion
Command injection
2022-08-24 16:15:00
ibm
ibm
Security Bulletin: Watson AI Gateway for Cloud Pak for Data is vulnerable to Ansible Runner code execution and could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper shell escaping of the shell command.
2023-03-17 23:28:41
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected by multiple vulnerabilities Ansibel Runner.
2023-07-05 20:55:42
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
2023-11-30 18:45:42
cve
cve
CVE-2021-4041
2022-08-24 16:15:09
nvd
nvd
CVE-2021-4041
2022-08-24 16:15:09
ubuntucve
ubuntucve
CVE-2021-4041
2022-08-24 00:00:00
nessus
nessus
RHEL 8 : ansible-runner (RHSA-2022:0108)
2024-04-28 00:00:00
cvelist
cvelist
CVE-2021-4041
2022-08-24 15:11:13
github
github
ansible-runner vulnerable to shell command injection
2022-08-25 00:00:27
redhatcve
redhatcve
CVE-2021-4041
2021-12-02 12:06:11
debiancve
debiancve
CVE-2021-4041
2022-08-24 16:15:09
veracode
veracode
Cross-site Scripting (XSS)
2022-01-14 06:00:47

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

32.4%

JSON
Related for 5A03ACC4EE458E72F2B6F1603F33343C1261EA5F582F33564953834DA6DF543A
osv3redhat1prion1ibm3cve1nvd1ubuntucve1nessus1cvelist1github1redhatcve1debiancve1veracode1