Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM98E790BB04C04429A117CD716BBD2F338208EDD76B0775A28921DFAD56715A85
HistoryMar 30, 2022 - 3:21 p.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring

2022-03-3015:21:20
www.ibm.com
13

0.001 Low

EPSS

Percentile

22.7%

JSON

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring.

Vulnerability Details

CVEID:CVE-2021-22060
**DESCRIPTION:**VMware Tanzu Spring Framework could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to insert additional log entries.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217183 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.0.6
Watson Discovery 2.0.0-2.2.1

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.0.7

Upgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-9

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data&gt;

Workarounds and Mitigations

None

Related

ibm 12
cnvd 1
ubuntucve 1
osv 2
cvelist 1
github 1
nvd 1
cve 1
debiancve 1
prion 1
redhatcve 1
redhat 1
ibm
ibm
Security Bulletin: Vulnerability in [All] Spring Framework - CVE-2021-22060 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator
2022-03-23 02:33:36
Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Spring Framework (CVE-2021-22060)
2022-10-17 12:56:54
Security Bulletin: Vulnerability exists for Spring Framework in Watson Explorer (CVE-2021-22060, CVE-2022-22965, CVE-2022-22950)
2022-04-22 11:43:07
cnvd
cnvd
Vmware Spring Framework has an unspecified vulnerability
2022-01-10 00:00:00
ubuntucve
ubuntucve
CVE-2021-22060
2022-01-10 00:00:00
osv
osv
CVE-2021-22060
2022-01-10 14:10:16
Log entry injection in Spring Framework
2022-01-12 23:04:06
cvelist
cvelist
CVE-2021-22060
2022-01-07 22:39:55
github
github
Log entry injection in Spring Framework
2022-01-12 23:04:06
nvd
nvd
CVE-2021-22060
2022-01-10 14:10:16
cve
cve
CVE-2021-22060
2022-01-10 14:10:16
debiancve
debiancve
CVE-2021-22060
2022-01-10 14:10:16
prion
prion
Design/Logic Flaw
2022-01-10 14:10:00
redhatcve
redhatcve
CVE-2021-22060
2022-02-17 04:30:23
redhat
redhat
(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update
2022-07-07 14:16:35

0.001 Low

EPSS

Percentile

22.7%

JSON
Related for 98E790BB04C04429A117CD716BBD2F338208EDD76B0775A28921DFAD56715A85
ibm12cnvd1ubuntucve1osv2cvelist1github1nvd1cve1debiancve1prion1redhatcve1redhat1