Lucene search

IBM7D19BE2E75AFE0363AE99BF9D64FED0F3D1FC63CC2BCB0D5191438B2B9701F19

HistoryJan 31, 2024 - 10:43 p.m.

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Plugin Framework for Java (PF4J)

2024-01-3122:43:25

www.ibm.com

ibm watson discovery

ibm cloud pak for data

vulnerability

plugin framework for java

pf4j

cve-2023-40828

cve-2023-40827

cve-2023-40826

archive file

arbitrary code

directory traversal

ibm watson discovery 4.8.2

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.1

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Summary

IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Plugin Framework for Java (PF4J). This bulletin identifies the steps to take to address the vulnerabilities.

Vulnerability Details

CVEID:CVE-2023-40828
**DESCRIPTION:**Plugin Framework for Java (PF4J) could allow a remote attacker to traverse directories on the system, caused by improper input validation by the expandIfZip method in the extract function. An attacker could use a specially crafted archive file containing “dot dot” sequences (/…/) to execute arbitrary code and obtain sensitive information.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264671 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-40827
**DESCRIPTION:**Plugin Framework for Java (PF4J) could allow a remote attacker to traverse directories on the system, caused by improper input validation by the loadpluginPath parameter. An attacker could use a specially crafted archive file containing “dot dot” sequences (/…/) to execute arbitrary code and obtain sensitive information.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264670 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-40826
**DESCRIPTION:**Plugin Framework for Java (PF4J) could allow a remote attacker to traverse directories on the system, caused by improper input validation by the zippluginPath parameter. An attacker could use a specially crafted archive file containing “dot dot” sequences (/…/) to execute arbitrary code and obtain sensitive information.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264669 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Watson Discovery	4.0.0-4.8.0

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.2

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmwatson_discoveryMatch4.0.0

ibmwatson_discoveryMatch4.8.0

VendorProductVersionCPE
ibmwatson_discovery4.0.0cpe:2.3:a:ibm:watson_discovery:4.0.0:*:*:*:*:*:*:*
ibmwatson_discovery4.8.0cpe:2.3:a:ibm:watson_discovery:4.8.0:*:*:*:*:*:*:*