History: Sep 05, 2024 - 5:58 p.m.

Security Bulletin: Vulnerability in Airlift aircompressor affects watsonx.data

2024-09-05 17:58:11
www.ibm.com
Tags: airlift aircompressor, vulnerability, watsonx.data, out-of-bounds flaw, information security, jvm crash

CVSS3: 8.6
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 5.8
Confidence: High

Summary

Airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. This can affect watsonx.data.

Vulnerability Details

CVEID: CVE-2024-36114
DESCRIPTION: airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and crash the JVM.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292728 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
watsonx.data 2.0.0 - 2.0.1

Remediation/Fixes

The product needs to be installed or upgraded to the latest available level, watsonx.data 2.0.2 or watsonx.data on CPD 5.0.2. Installation/upgrade instructions can be found here: <https://www.ibm.com/docs/en/watsonx/watsonxdata/2.0.x?topic=deployment-installing>.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm  ibm_watsonx_subscription  Match  2.0.0
OR
ibm  ibm_watsonx_subscription  Match  2.0.1

Vendor  Product                   Version  CPE
ibm     ibm_watsonx_subscription  2.0.0    cpe:2.3:a:ibm:ibm_watsonx_subscription:2.0.0:*:*:*:*:*:*:*
ibm     ibm_watsonx_subscription  2.0.1    cpe:2.3:a:ibm:ibm_watsonx_subscription:2.0.1:*:*:*:*:*:*:*
