CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Percentile: 84.1%

Watson Machine Learning Accelerator is affected by multiple json4j CVEs (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541, CVE-2022-45690, CVE-2022-46175, CVE-2022-4742). The issue was fixed by removing json4j.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
Watson Machine Learning Accelerator on Cloud Pak for Data | All |
Watson Machine Learning Accelerator version 3.1.0 and above fixed the json4j CVEs by replacing json4j.
1. For Watson Machine Learning Accelerator version 2.4.x, 2.5.0, 2.6.0, 3.0.0:
   Follow <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=accelerator-upgrading> to upgrade from WMLA 2.4.x/2.5.0/2.6.0/3.0.0 to WMLA 3.1.0 or above.
2. For Watson Machine Learning Accelerator version 2.3.x:
   To address the affected version, first upgrade to IBM Watson Machine Learning Accelerator 2.3.5 by following the document <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade>.
   Then upgrade from WMLA 2.3.5 to WMLA 3.1.0 or above following <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=accelerator-upgrading>.
3. For Watson Machine Learning Accelerator version 2.2.x:
   To address the affected version:
   a. Upgrade to IBM Watson Machine Learning Accelerator 2.2.6 by following the document <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=accelerator-upgrading-watson-machine-learning>.
   b. Upgrade from IBM Watson Machine Learning Accelerator 2.2.6 to IBM Watson Machine Learning Accelerator 2.3.1 following <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade>.
   c. Upgrade all the way to IBM Watson Machine Learning Accelerator 2.3.5 following <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade>.
   d. Upgrade from WMLA 2.3.5 to WMLA 3.1.0 or above following <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=accelerator-upgrading>.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | watson_machine_learning_on_cloud_pak_for_data | any | cpe:2.3:a:ibm:watson_machine_learning_on_cloud_pak_for_data:any:*:*:*:*:*:*:* |