A weakness in generated service credentials that affects multiple Watson Developer Cloud offered through IBM Bluemix has been identified and fixed. Replacement of previously generated credentials is recommended.
CVEID: CVE-2016-0391 DESCRIPTION: Multiple Watson Developer Cloud services offered through IBM Bluemix have provided generated credentials for service authentication where a portion of the credentials for a service instance use insufficient randomness and are therefore subject to potential compromise by cryptanalysis and/or brute force attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112560> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
The following Watson Developer Cloud Services on Bluemix are affected:
- Concept Expansion
- Concept Insights
- Dialog
- Document Conversion
- Language Translation
- Natural Language Classifier
- Personality Insights
- Relationship Extraction
- Retrieve and Rank
- Speech to Text
- Text to Speech
- Tone Analyzer
- Tradeoff Analytics
- Visual Insights
- Visual Recognition
Replacement of previously generated credentials is recommended. Instructions can be found here.
None.