IBMA090BEEEF32298A01213B493E70B51E36C75D72B46FA1F783859013A53EC7AF6Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
47.9%
Summary
IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js
Vulnerability Details
CVEID:CVE-2024-33883
**DESCRIPTION:**Node.js ejs module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a proto or constructor payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289643 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP - Discovery | 4.0.0 - 5.0.0 |
Remediation/Fixes
Upgrade to IBM Watson Discovery 5.0.1 and <https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | watson_discovery | 4.0.0 | cpe:2.3:a:ibm:watson_discovery:4.0.0:*:*:*:*:*:*:* |
| ibm | watson_discovery | 5.0.1 | cpe:2.3:a:ibm:watson_discovery:5.0.1:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
47.9%