Streams service for IBM Cloud Pak for Data might be affected by some underlying Python vulnerabilities
CVEID:CVE-2020-8492
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS).
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2020-27619
**DESCRIPTION:**An unspecified error with CJK codec tests call eval() on content retrieved throug HTTP in multibytecodec_support.py in Python has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190408 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Streams Cloud Private | v5 |
Streams service for IBM Cloud Pak for Data has been discontinued. If you have concerns with any outstanding security issues, please uninstall the Streams service
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm streams | eq | 5 |