Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM928D28072FD015B7D44D3931A86FE158B08164A6EA86B8591B6C51D3CCE57A92
HistoryJan 03, 2024 - 6:58 a.m.

Security Bulletin: PyTorch vulnerability affects IBM Watson Machine Learning in Cloud Pak for Data [CVE-2022-45907]

2024-01-0306:58:36
www.ibm.com
11
pytorch
ibm watson
cloud pak
remote code execution
vulnerability
upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

61.3%

JSON

Summary

PyTorch vulnerability affects IBM Watson Machine Learning in Cloud Pak for Data. The vulnerabilty is addressed below.

Vulnerability Details

CVEID:CVE-2022-45907
**DESCRIPTION:**PyTorch could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the orch.jit.annotations.parse_type_line function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241077 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
WML-CPD 4.6.0 and 4.7.0 releases and fixpacks

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

Affected Product(s) Version(s) Remediation/Fix
Watson Machine Learning on Cloud Pak for Data 4.6.0 and 4.7.0 releases and fixpacks Get the latest Watson Machine Learning by upgrading to 4.8.0. Details here .

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_machine_learning_on_cloud_pak_for_dataMatch4.6.
OR
ibmwatson_machine_learning_on_cloud_pak_for_dataMatch4.7.
VendorProductVersionCPE
ibmwatson_machine_learning_on_cloud_pak_for_data4.6.cpe:2.3:a:ibm:watson_machine_learning_on_cloud_pak_for_data:4.6.:*:*:*:*:*:*:*
ibmwatson_machine_learning_on_cloud_pak_for_data4.7.cpe:2.3:a:ibm:watson_machine_learning_on_cloud_pak_for_data:4.7.:*:*:*:*:*:*:*

Related

prion 1
ibm 6
cve 1
osv 4
nvd 1
cvelist 1
debiancve 1
github 1
ubuntucve 1
veracode 1
prion
prion
Code injection
2022-11-26 02:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to [CVE-2022-45907]
2023-02-10 09:38:41
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in PyTorch [CVE-2022-45907]
2023-06-28 19:47:34
Security Bulletin: PyTorch is vulnerable to CVE-2022-45907 used in IBM Maximo Application Suite - Monitor Component
2023-05-17 19:00:34
cve
cve
CVE-2022-45907
2022-11-26 02:15:10
osv
osv
CVE-2022-45907
2022-11-26 02:15:10
PYSEC-2022-43015
2022-11-26 02:15:00
BIT-pytorch-2022-45907
2024-03-06 11:02:51
nvd
nvd
CVE-2022-45907
2022-11-26 02:15:10
cvelist
cvelist
CVE-2022-45907
2022-11-26 00:00:00
debiancve
debiancve
CVE-2022-45907
2022-11-26 02:15:10
github
github
PyTorch vulnerable to arbitrary code execution
2022-11-26 03:30:27
ubuntucve
ubuntucve
CVE-2022-45907
2022-11-26 00:00:00
veracode
veracode
Arbitrary Code Execution
2022-12-05 05:12:43

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

61.3%

JSON
Related for 928D28072FD015B7D44D3931A86FE158B08164A6EA86B8591B6C51D3CCE57A92
prion1ibm6cve1osv4nvd1cvelist1debiancve1github1ubuntucve1veracode1